cb82fabf...afd9

Severity	Category	Operation	Count	Classification
5/5	File System	Encrypts content of user files	1	Ransomware
Encrypts the content of multiple user files. This is an indicator for ransomware. ... VTI Actions Go to Behavior
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Variant.Ransom.AVCrypt.33". ... VTI Actions Go to AV match Go to file details
4/5	OS	Modifies Windows automatic backups	1	-
Deletes Windows volume shadow copies. ... VTI Actions Go to process
2/5	Reputation	Known suspicious file	1	Trojan
File "C:\Users\FD1HVy\Desktop\shaofao.exe" is a known suspicious file. ... VTI Actions Go to file details
1/5	Process	Creates system object	2	-
Creates mutex with name "Global\1016B419773000". ... VTI Actions Go to Behavior
Creates mutex with name "Global\1016B419773001". ... VTI Actions Go to Behavior
1/5	Process	Creates process with hidden window	2	-
The process "C:\Users\FD1HVy\Desktop\shaofao.exe" starts with hidden window. ... VTI Actions Go to Behavior
The process "C:\WINDOWS\system32\cmd.exe" starts with hidden window. ... VTI Actions Go to Behavior
1/5	Persistence	Installs system startup script or application	3	-
Adds "C:\Users\FD1HVy\AppData\Local\shaofao.exe" to Windows startup via registry. ... VTI Actions Go to Behavior
Adds "c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\shaofao.exe" to Windows startup folder. ... VTI Actions Go to Behavior
Adds "c:\programdata\microsoft\windows\start menu\programs\startup\shaofao.exe" to Windows startup folder. ... VTI Actions Go to Behavior
1/5	Masquerade	Changes folder appearance	4	-
Folder "c:\$recycle.bin\s-1-5-18" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\$recycle.bin\s-1-5-21-1051304884-625712362-2192934891-1000" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files\common files\microsoft shared\stationery" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files" has a changed appearance. ... VTI Actions Go to Behavior
1/5	File System	Modifies application directory	397	-
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\ink\en-us\boxed-correct.avi". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\stationery\desktop.ini.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\desktop.ini.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\bin\server\xusage.txt.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\ffjcext.zip.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash@2x.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copydrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copynodrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linkdrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linknodrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movedrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movenodrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\jvm.hprof.txt.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\readme.txt.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\lib\tzdb.dat.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme-javafx.txt.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme.txt.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\java\jre1.8.0_144\welcome.html.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\filesystemmetadata.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\appxmanifest.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office16\ospp.htm.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office16\ospp.vbs.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office16\slerror.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.common.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifestloc.en-us.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\packagemanifests\authoredextensions.xml.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00004_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00011_.gif". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00011_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00021_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\ink\hwrusash.dat". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00175_.gif". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00146_.wmf". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00525_.wmf". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00921_.wmf". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01635_.wmf". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01434_.wmf". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\j0086478.wmf". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\designer\msaddndr.olb.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00037_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00038_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00052_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00040_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00090_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00057_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00103_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00092_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvstream32.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00120_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00129_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00126_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00135_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00139_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00142_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00154_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00157_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00130_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00158_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00160_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00161_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00164_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00163_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00165_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00169_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00167_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00170_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvvirtualization.dll". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00171_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00174_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00176_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00175_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00015_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00010_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00790_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00914_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00932_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00965_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01039_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00853_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2r32.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01044_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01060_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01084_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01173_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01174_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01216_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\i640.hash.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01218_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\concrt140.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01251_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01545_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01184_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\i641033.hash.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an02559_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an02724_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\integratedoffice.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an02122_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an03500_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04108_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04134_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04117_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\msointl30.en-us.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04191_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04174_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04195_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04196_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04206_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04225_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04235_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04267_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04269_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\ucrtbase.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04323_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04326_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04332_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04369_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04355_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04385_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\clicktorun\vccorlib140.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04384_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00116_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00146_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00141_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00160_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00173_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00155_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd06102_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd05119_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd07761_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\en-us\tiptsf.dll.mui". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd07831_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08758_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd07804_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08808_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08773_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08868_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09031_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09194_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09662_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\office16\liclua.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09664_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd10972_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19563_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig-office.xrm-ms.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pidgenx.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd10890_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19582_.gif.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19695_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19827_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19828_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19986_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19988_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd20013_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00012_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00045_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\source engine\ose.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00098_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vc\msdia100.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00105_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00122_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00008_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00130_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00148_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00152_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00194_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00234_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00242_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00195_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00247_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00248_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\vstoinstallerui.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00254_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstoinstaller.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\vstoloaderui.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstomessageprovider.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\vstoee.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00252_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\vstoee100.tlb.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\vstoee90.tlb.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00262_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00261_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00265_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\internet explorer\signup\install.ins.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00269_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00270_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\awt.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\bci.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00267_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\dcpr.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00274_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00273_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00296_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\decora_sse.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00392_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00390_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\deploy.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00525_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00524_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00648_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00526_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00921_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00923_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00932_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\boat.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\dtplugin\npdeployjava1.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00985_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\dt_shmem.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\boatinst.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00078_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\dt_socket.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\fontmanager.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00092_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00076_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\fxplugins.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00135_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00100_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00136_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\eula.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00145_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\glib-lite.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\glass.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00174_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00184_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\gstreamer-lite.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00186_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00200_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\hprof.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00224_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00438_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\j2pcsc.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00439_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00440_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00442_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00443_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\instrument.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jaas_nt.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00441_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jabswitch.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\j2pkcs11.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\java.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00445_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00444_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\java.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00453_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01080_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\java-rmi.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01603_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javacpl.cpl.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javaaccessbridge-64.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javacpl.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javafx_font.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01635_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01636_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01634_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javafx_iio.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javafx_font_t2k.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01637_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01638_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01639_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javaw.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\javaws.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\classic1.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\cg1606.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\java_crw_demo.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jawt.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\classic2.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\clip.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jawtaccessbridge-64.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\crane.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jdwp.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\craninst.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jfxmedia.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\cup.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jfr.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jfxwebkit.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00117_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00121_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\cupinst.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00234_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jjs.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jli.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00256_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00261_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00297_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00255_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jp2launcher.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00372_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jp2iexp.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00405_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00407_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jp2native.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jp2ssv.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jsdt.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00413_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jsound.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00414_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00419_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jsoundds.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00448_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00449_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\jpeg.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00687_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\keytool.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\kinit.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00437_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01015_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\kcms.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01039_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00705_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\ktab.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\lcms.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01139_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\klist.exe.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01140_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01143_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01145_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01146_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01151_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\java\jre1.8.0_144\bin\mlib_image.dll.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01152_.wmf.id[b4197730-1016].[randal_inman@aol.com].help". ... VTI Actions Go to Behavior
1/5	Process	Reads from memory of another process	3	-
"c:\windows\system32\cmd.exe" reads from "C:\WINDOWS\system32\netsh.exe". ... VTI Actions Go to Behavior
"c:\windows\system32\cmd.exe" reads from "C:\WINDOWS\system32\vssadmin.exe". ... VTI Actions Go to Behavior
"c:\windows\system32\cmd.exe" reads from "C:\WINDOWS\System32\Wbem\WMIC.exe". ... VTI Actions Go to Behavior
1/5	File System	Creates an unusually large number of files	1	-
Creates an unusually large number of files. ... VTI Actions Go to file details
0/5	Process	Enumerates running processes	1	-
Enumerates running processes. ... VTI Actions Go to Behavior

Encrypts the content of multiple user files. This is an indicator for ransomware.
...
- VTI Actions
- Go to Behavior

Deletes Windows volume shadow copies.
...
- VTI Actions
- Go to process

Creates mutex with name "Global\1016B419773000".
...
- VTI Actions
- Go to Behavior

Creates mutex with name "Global\1016B419773001".
...
- VTI Actions
- Go to Behavior

Adds "C:\Users\FD1HVy\AppData\Local\shaofao.exe" to Windows startup via registry.
...
- VTI Actions
- Go to Behavior

Adds "c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\shaofao.exe" to Windows startup folder.
...
- VTI Actions
- Go to Behavior

Adds "c:\programdata\microsoft\windows\start menu\programs\startup\shaofao.exe" to Windows startup folder.
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\ink\en-us\boxed-correct.avi".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\stationery\desktop.ini.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\desktop.ini.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\bin\server\xusage.txt.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\ffjcext.zip.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash@2x.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copydrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copynodrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linkdrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linknodrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movedrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movenodrop32x32.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\jvm.hprof.txt.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\readme.txt.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\lib\tzdb.dat.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme-javafx.txt.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme.txt.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\java\jre1.8.0_144\welcome.html.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\filesystemmetadata.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\appxmanifest.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\office16\ospp.htm.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\office16\ospp.vbs.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\office16\slerror.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.common.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\appxmanifestloc.en-us.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\packagemanifests\authoredextensions.xml.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00004_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00011_.gif".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00011_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00021_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\ink\hwrusash.dat".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00175_.gif".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00146_.wmf".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00525_.wmf".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00921_.wmf".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01635_.wmf".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01434_.wmf".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\j0086478.wmf".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\designer\msaddndr.olb.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00037_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00038_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00052_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00040_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00090_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00057_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00103_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00092_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvstream32.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00120_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00129_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00126_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00135_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00139_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00142_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00154_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00157_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00130_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00158_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00160_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00161_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00164_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00163_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00165_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00169_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00167_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00170_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvvirtualization.dll".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00171_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00174_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00176_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00175_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00015_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00010_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00790_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00914_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00932_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00965_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01039_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00853_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\c2r32.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01044_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01060_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01084_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01173_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01174_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01216_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\i640.hash.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01218_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\concrt140.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01251_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01545_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01184_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\i641033.hash.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an02559_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an02724_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\integratedoffice.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an02122_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an03500_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04108_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04134_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04117_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\msointl30.en-us.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04191_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04174_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04195_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04196_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04206_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04225_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04235_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04267_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04269_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\ucrtbase.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04323_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04326_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04332_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04369_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04355_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04385_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\common files\microsoft shared\clicktorun\vccorlib140.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an04384_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00116_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00146_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior
- Go to file details

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00141_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00160_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00173_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd00155_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd06102_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd05119_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd07761_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\ink\en-us\tiptsf.dll.mui".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd07831_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08758_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd07804_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08808_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08773_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd08868_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09031_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09194_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09662_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\office16\liclua.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09664_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd10972_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19563_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig-office.xrm-ms.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pidgenx.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd10890_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19582_.gif.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19695_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19827_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19828_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19986_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19988_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd20013_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00012_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00045_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\source engine\ose.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00098_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vc\msdia100.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00105_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00122_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00008_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00130_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00148_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00152_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00194_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00234_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00242_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00195_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00247_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00248_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\vstoinstallerui.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00254_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstoinstaller.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\vstoloaderui.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstomessageprovider.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\vstoee.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00252_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\vstoee100.tlb.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\common files\microsoft shared\vsto\vstoee90.tlb.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00262_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00261_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00265_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\internet explorer\signup\install.ins.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00269_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00270_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\awt.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\bci.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00267_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\dcpr.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00274_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00273_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00296_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\decora_sse.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00392_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00390_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\deploy.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00525_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00524_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00648_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00526_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00921_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00923_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00932_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\boat.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\dtplugin\npdeployjava1.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00985_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\dt_shmem.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\boatinst.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00078_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\dt_socket.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\fontmanager.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00092_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00076_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\fxplugins.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00135_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00100_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00136_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\eula.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00145_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\glib-lite.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\glass.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00174_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00184_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\gstreamer-lite.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00186_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00200_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\hprof.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00224_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00438_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\j2pcsc.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00439_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00440_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00442_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00443_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\instrument.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jaas_nt.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00441_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jabswitch.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\j2pkcs11.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\java.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00445_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00444_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\java.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00453_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01080_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\java-rmi.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01603_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javacpl.cpl.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javaaccessbridge-64.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javacpl.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javafx_font.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01635_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01636_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01634_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javafx_iio.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javafx_font_t2k.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01637_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01638_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01639_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javaw.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\javaws.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\classic1.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\cg1606.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\java_crw_demo.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jawt.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\classic2.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\clip.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jawtaccessbridge-64.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\crane.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jdwp.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\craninst.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jfxmedia.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\cup.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jfr.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jfxwebkit.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00117_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00121_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\cupinst.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00234_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jjs.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jli.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00256_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00261_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00297_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00255_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jp2launcher.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00372_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jp2iexp.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00405_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00407_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jp2native.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jp2ssv.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jsdt.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00413_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jsound.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00414_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00419_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jsoundds.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00448_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00449_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\jpeg.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00687_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\keytool.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\kinit.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00437_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01015_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\kcms.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01039_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00705_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\ktab.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\lcms.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01139_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\klist.exe.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01140_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01143_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01145_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01146_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01151_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\java\jre1.8.0_144\bin\mlib_image.dll.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd01152_.wmf.id[b4197730-1016].[randal_inman@aol.com].help".
...
- VTI Actions
- Go to Behavior

Creates an unusually large number of files.
...
- VTI Actions
- Go to file details

ID	#665639
MD5	7de40ec678584a92ddeecb01764be5fc
SHA1	e4cc3aec8bd71c8225348ac8a0e1d951662520b0
SHA256	cb82fabfd6229fecaec9af902aab091cf1431e529f625a416424c383e993afd9
SSDeep	1536:5kGB8nHbKUvryElSpi8jCZGcqDKlKnr8dMXlnQGFD2co:5FBMHRvrAjCZmKcnr86QG9/o
ImpHash	e6984e72559f94ba7deb365bcd2bee8a
Filename	shaofao.exe
File Size	71.00 KB
Sample Type	Windows Exe (x86-32)

Creation Time	2019-05-28 20:57 (UTC+2)
Analysis Duration	00:04:08
Number of Monitored Processes	14
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Maximum binlog size reached
Tags

Remarks (2/2)

VMRay Threat Indicators (12 rules, 417 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After