3f0a06a6...9c60 | VMRay Analyzer Report
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Wiper

VMRay Threat Indicators (16 rules, 1776 matches)

Severity Category Operation Count Classification
5/5
Local AV Malicious content was detected by heuristic scan 1 -
5/5
YARA YARA match 320 Ransomware
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1032\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1053\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1028\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1036\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1040\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Save.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\warn.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\2052\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\2052\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\ParameterInfo.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\header.bmp.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\BOOTSECT.BAK.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Boot\BOOTSTAT.DAT.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Strings.xml.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\Setup.exe.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\588bce7c90097ed212\sqmapi.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\desktop.ini.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\Office16\OSPP.HTM.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\Office16\SLERROR.XML.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Java\jre1.8.0_144\Welcome.html.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\Office16\OSPP.VBS.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Logs\Application.evtx.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Logs\HardwareEvents.evtx.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Logs\Setup.evtx.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Logs\Security.evtx.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00439_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Logs\System.evtx.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00441_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00442_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00444_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00445_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01080_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01603_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01634_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00440_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01635_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01638_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01639_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01636_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC1.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC2.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLIP.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00443_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANINST.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUP.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUPINST.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00453_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00121_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00234_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00255_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CG1606.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00261_.WMF.id-B4197730.[seavays@aol.com].save".
  • Rule "DharmaEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00297_.WMF.id-B4197730.[seavays@aol.com].save".
4/5
File System Modifies content of user files 1 Ransomware
  • Modifies the content of multiple user files. This is an indicator for an encryption attempt.
4/5
File System Deletes user files 1 Wiper
  • Deletes multiple user files. This is an indicator for ransomware or wiper malware.
4/5
OS Modifies Windows automatic backups 1 -
2/5
Anti Analysis Resolves APIs dynamically to possibly evade static detection 1 -
2/5
Anti Analysis Tries to detect virtual machine 1 -
  • Possibly trying to detect VM via rdtsc.
1/5
Process Creates system object 2 -
  • Creates mutex with name "Global\syncronize_8B9U41A".
  • Creates mutex with name "Global\syncronize_8B9U41U".
1/5
File System Modifies operating system directory 1 -
1/5
Persistence Installs system startup script or application 5 -
  • Adds "C:\WINDOWS\System32\wmxsde.exe" to Windows startup via registry.
  • Adds "c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\wmxsde.exe" to Windows startup folder.
  • Adds "c:\programdata\microsoft\windows\start menu\programs\startup\wmxsde.exe" to Windows startup folder.
  • Adds "7686488" to Windows startup via registry.
  • Adds "C:\Users\FD1HVy\AppData\Roaming\wmxsde.exe" to Windows startup via registry.
1/5
Process Creates process with hidden window 1 -
  • The process "C:\WINDOWS\system32\cmd.exe" starts with hidden window.
1/5
Masquerade Changes folder appearance 4 -
  • Folder "c:\$recycle.bin\s-1-5-18" has a changed appearance.
  • Folder "c:\$recycle.bin\s-1-5-21-1051304884-625712362-2192934891-1000" has a changed appearance.
  • Folder "c:\program files\common files\microsoft shared\stationery" has a changed appearance.
  • Folder "c:\program files" has a changed appearance.
1/5
File System Modifies application directory 1433 -
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00142_.gif".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00255_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00261_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00297_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00117_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00256_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\c2r32.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\i640.hash.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\i641033.hash.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00407_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00413_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00414_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00419_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00372_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00448_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00449_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00687_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00705_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00405_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01138_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01139_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01140_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01039_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01145_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01146_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01151_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01015_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01157_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01160_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\concrt140.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\integratedoffice.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00437_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01163_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01166_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01167_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01168_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01143_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01170_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01171_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01172_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01152_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01162_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01169_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01176_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01178_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01179_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01181_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01182_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01183_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01186_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01173_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01434_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01585_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01586_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01628_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01180_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01631_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01761_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01772_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01793_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ed00010_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01630_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ed00172_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ed00184_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00006_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00202_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ed00019_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\msointl30.en-us.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\ucrtbase.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\clicktorun\vccorlib140.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\ink\en-us\flicklearningwizard.exe.mui".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00222_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00242_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00319_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00397_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00902_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00074_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00077_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00086_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00090_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\office16\liclua.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\source engine\ose.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\en00320_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00076_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig-office.xrm-ms.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pidgenx.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vc\msdia100.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00096_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00297_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00306_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00336_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00361_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00296_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00382_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00397_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00403_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00414_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00428_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00435_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00438_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00455_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00543_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00544_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00564_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00586_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\vstoinstallerui.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\vstoloaderui.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstoinstaller.exe.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00369_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00419_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00459_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstoloader.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00779_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00799_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00814_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01074_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01084_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01176_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\vstoee.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\vstoee100.tlb.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\vstoee90.tlb.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01193_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01196_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01548_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00775_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01658_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01659_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstomessageprovider.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\internet explorer\signup\install.ins.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\awt.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\bci.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\dcpr.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\decora_sse.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\dtplugin\deployjava1.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd00965_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02068_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02071_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01191_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02088_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02097_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02115_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01657_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02141_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02153_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02158_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd01660_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\flap.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00057_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00084_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00231_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\dtplugin\npdeployjava1.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\java\jre1.8.0_144\bin\deploy.dll.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02075_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00236_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00241_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02116_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00276_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00334_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00443_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\fd02161_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00524_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00526_.wmf.id-b4197730.[seavays@aol.com].save".
  • Modifies "c:\program files\microsoft office\root\clipart\pub60cor\hh00527_.wmf.id-b4197730.[seavays@aol.com].save".