cc30bd2a...7a80

VMRay Threat Indicators (15 rules, 471 matches)

Severity	Category	Operation	Count	Classification
5/5	File System	Encrypts content of user files	1	Ransomware
Encrypts the content of multiple user files. This is an indicator for ransomware. ... VTI Actions Go to Behavior
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Win32.AV-Killer.cmZ@aifp3fh". ... VTI Actions Go to AV match Go to file details
4/5	OS	Modifies Windows automatic backups	1	-
Deletes Windows volume shadow copies. ... VTI Actions Go to process
3/5	OS	Modifies system security configuration	1	-
Disables UAC notifications. ... VTI Actions Go to Behavior
3/5	File System	Possibly drops ransom note files	1	Ransomware
Possibly drops ransom note files (creates 266 instances of the file "Decoding help.hta" in different locations). ... VTI Actions Go to file details
2/5	Information Stealing	Reads sensitive browser data	1	-
Trying to read sensitive data of web browser "Google Chrome" by file. ... VTI Actions Go to Behavior
1/5	Persistence	Installs system startup script or application	2	-
Adds ""c:\Decoding help.hta"" to Windows startup via registry. ... VTI Actions Go to Behavior
Adds "C:\windows\searchfiles.exe" to Windows startup via registry. ... VTI Actions Go to Behavior
1/5	File System	Modifies operating system directory	1	-
Creates file "C:\windows\searchfiles.exe" in the OS directory. ... VTI Actions Go to Behavior Go to file details
1/5	Hide Tracks	Writes an unusually large amount of data to the registry	1	-
Hides 1280 byte in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\\rsa". ... VTI Actions Go to Behavior
1/5	Process	Creates process with hidden window	1	-
The process "C:\Windows\system32\cmd.exe" starts with hidden window. ... VTI Actions Go to Behavior
1/5	File System	Modifies application directory	427	-
Modifies "c:\program files\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\desktop.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\desktop.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\determine matthew.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\maximize.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\google\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\google\shoes perception.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\bannedhard.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\teachers.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\accessiblemarshal.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\application.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\breakpadinjector.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\reference assemblies\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\reference assemblies\sections.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows defender\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows journal\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows journal\gold substantially.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows mail\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows portable devices\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\agentssee.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows photo viewer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\msbuild\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\uninstall information\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\uninstall information\especially-ccd-facilitate.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\reference assemblies\mediawiki.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows photo viewer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\seemed.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows portable devices\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows portable devices\liverevilusage.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows mail\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows mail\diy.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows defender\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\msbuild\microsoft.office.infopath.targets.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows photo viewer\suffernorwegianfifteen.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows defender\treaty_olive.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\settings.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\uninstall.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\updater.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\designer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\copyright.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\license.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\readme.txt.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\authzax.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\bcslaunch.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows nt\accessories\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows nt\tabletextservice\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\signup\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows photo viewer\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\dgrmlnch.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\media renderer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\signup\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\shared\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sql server compact edition\v3.5\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\redistlist\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows journal\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows journal\templates\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\accessories\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows mail\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\tabletextservice\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\skins\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\services\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\services\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\browser\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\skins\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\dw\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\office14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\help\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\msclientdatamgr\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\euro\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\java\java update\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\dao\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\google\chrome\application\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\msinfo\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft analysis services\as oledb\10\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\bin\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\ink\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\lib\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft analysis services\as oledb\10\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\media renderer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\network sharing\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\adjacency.thmx.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\angles.thmx.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\1033\bhointl.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\microsoft.synchronization.data.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\1033\dl_res.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\microsoft.synchronization.data.server.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows nt\accessories\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows nt\tabletextservice\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\benioku.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\berime.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\signup\install.ins.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\signup\install.ins.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\irakhau.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\release.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\thirdpartylicensereadme-javafx.txt.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\proof\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\source engine\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\office14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vgx\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\fbiblio.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\apex.thmx.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\ole db\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\textconv\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\ole db\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\ado\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\stationery\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\apothecary.thmx.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\stationery\desktop.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vgx\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\actionspane3.xsd.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\textconv\msconv97.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\translat\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\shared\dvdstyles\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\grooveex.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlceca35.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\proof\mslid.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\accessories\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\gadgets\calendar.gadget\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\tabletextservice\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\ado\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\grphflt\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\gadgets\clock.gadget\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\1033\grooveintlresource.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vc\msdia100.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\accdds.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vc\amd64\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\fdate.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\ole db\xmlrw.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\office14\acecore.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\equation\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\leame.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\1033\mcabout.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\1033\stintl.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\1033\stintl.dll.idx_dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\equation\1033\eeintl.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\leesmij.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\adobe\arm\1.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\leggimi.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\euro\msoeuro.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\ole db\xmlrwbin.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\thirdpartylicensereadme.txt.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\office14\1033\aceintl.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\welcome.html.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\office14\1033\aceodbci.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\filters\msgfilt.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\lib\accessibility.properties.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\microsoft.synchronization.data.sqlserverce.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\java\java update\jaucheck.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\adobe\arm\1.0\acrobatupdater.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\translat\msb1ar.lex.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\dw\dbghelp.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\lib\alt-rt.jar.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vba\vba6\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\msinfo\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vc\amd64\msdia80.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_client.xml.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\adodb.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\crashreporter.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\designer\msaddndr.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\browser\blocklist.xml.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\help\hxds.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft analysis services\as oledb\10\msmdlocal.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\bin\awt.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\filters\odffilt.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\equation\eqnedt32.cnt.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\aspect.thmx.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\source engine\ose.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\ole db\xmlrw.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\google\chrome\application\chrome.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\stationery\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\adobe\reader 10.0\leiame.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft analysis services\as oledb\10\msmdlocal.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppcext.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\java\java update\jaureg.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\vstoee.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\ink\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\1036\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\gadgets\clock.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\rssfeeds.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\weather.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\templates\presentation designs\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\ole db\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\gadgets\cpu.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft analysis services\as oledb\10\cartridges\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sync framework\v1.0\runtime\x64\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\msbuild\microsoft\windows workflow foundation\v3.5\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\gadgets\slideshow.gadget\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\stationery\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\msmapi\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\3082\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\msadc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\msadc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vba\vba7\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\msinfo\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\msbuild\microsoft\windows workflow foundation\v3.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vsto\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\msbuild\microsoft\windows workflow foundation\v3.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\ink\1.7\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ca_es\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\translat\esen\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\ink\1.0\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\portal\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\fren\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft analysis services\as oledb\10\cartridges\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft visual studio 8\common7\ide\publicassemblies\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\8.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\translat\enes\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\aftrnoon\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\frar\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\currency.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\cagcat10\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\clipart\pub60cor\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\10.0\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\mediacenter.gadget\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\ar-sa\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\templates\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\blueprnt\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.5\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\web folders\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\system\ado\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\calendar.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\equation\eqnedt32.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\currency.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\grphflt\cgmimp32.cfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlcecompact35.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\smart tag\fperson.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\proof\mswds_en.lex.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\vstaclientpkg.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\pipelinesegments.store.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\textconv\wks9pxy.cnv.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\portal\portalconnectcore.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\appinfodocument\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\canyon\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\boldstri\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\breeze\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\arctic\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\axis\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\blends\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\bluecalm\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\adobe\reader 10.0\esl\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\web server extensions\14\bin\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\office14\csi.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\images\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\rssfeeds.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\addinviews\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\contracts\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\cagcat10\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fr_fr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vba\vba7\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\es_es\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\mediacenter.gadget\css\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\arfr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1028\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\cs_cz\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\da_dk\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\de_de\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\en_us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\images\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\images\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\weather.gadget\images\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\clock.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\mediacenter.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fi_fi\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\zh_tw\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\pt_br\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ja_jp\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hr_hr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\zh_cn\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\uk_ua\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\tr_tr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sv_se\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sl_si\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sk_sk\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ru_ru\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ro_ro\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\pl_pl\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\nl_nl\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\nb_no\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ko_kr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\it_it\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hu_hu\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\eu_es\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\visio shared\fonts\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft sync framework\v1.0\documentation\1033\license agreements\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\2052\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1031\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1036\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1040\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1041\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1042\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1046\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\3082\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\bg-bg\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\pl-pl\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\ru-ru\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\de-de\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\1049\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\ro-ro\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\accddsf.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\microsoft.mshtml.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\adobe\reader 10.0\liesmich.htm.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft analysis services\as oledb\10\cartridges\as80.xsl.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\java\jre7\lib\calendars.properties.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\arm\1.0\adobeextractfiles.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\system\ole db\xmlrwbin.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\java\jre7\bin\axbridge.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\java\java update\jucheck.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\dvd maker\shared\dvdstyles\performance\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\bullets\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\clipart\publisher\backgrounds\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\textconv\wksconv\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\10.0\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\cpu.gadget\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\autoshap\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\en-us\js\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fr_fr\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\es_es\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\currency.gadget\en-us\css\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hr_hr\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\filters\offfiltx.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\web server extensions\14\bin\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.5\redistlist\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\sl-si\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.0\redistlist\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\redistlist\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\subsetlist\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\redistlist\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\subsetlist\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\en-us\css\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\calendar.gadget\en-us\css\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\calendar.gadget\en-us\js\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\en-us\js\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\en-us\css\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\gadgets\mediacenter.gadget\images\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\ink\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\layers\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\dvd maker\shared\dvdstyles\push\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\studio\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\uk_ua\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\da_dk\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\winfxlist.xml.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\portal\1033\portalconnect.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\sumipntg\decoding help.hta". ... VTI Actions
Modifies "c:\program files\microsoft office\stationery\1033\currency.gif.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\office10.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_extended.xml.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\mozilla firefox\crashreporter.ini.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\msenv\publicassemblies\extensibility.dll.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\office14\1036\mso.acl.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\dw\dw20.exe.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fi_fi\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\tr_tr\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sv_se\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sl_si\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sk_sk\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ru_ru\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ro_ro\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\pl_pl\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\nl_nl\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\nb_no\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ko_kr\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\it_it\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hu_hu\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\eu_es\reader_10.0.helpcfg.[id]g9uzrlhjaygpwrm1[id]". ... VTI Actions
1/5	Masquerade	Changes folder appearance	30	-
Folder "c:\program files" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files (x86)" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\$recycle.bin\s-1-5-21-3388679973-3930757225-3770151564-1000" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\saved games" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\searches" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files\common files\microsoft shared\stationery" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\contacts" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\pictures" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\recorded tv" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\libraries" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\favorites" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\favorites" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\contacts" has a changed appearance. ... VTI Actions Go to Behavior
1/5	Information Stealing	Possibly does reconnaissance	1	-
Possibly trying to gather information about application "Mozilla Firefox" by file. ... VTI Actions Go to Behavior
1/5	File System	Creates an unusually large number of files	1	-
Creates an unusually large number of files. ... VTI Actions Go to file details
0/5	Process	Enumerates running processes	1	-
Enumerates running processes. ... VTI Actions Go to Behavior

Screenshots

Monitored Processes

Sample Information

ID	#83262
MD5	30c6ac2bd181d92490bcdbc440d527b1
SHA1	e3ac4120d556fc527320f883a36c445914afbc79
SHA256	cc30bd2a55abc25681990a831539c393f086b5720ee27266e1c4b1abc1ac7a80
SSDeep	384:bo6O5Rtl1Hz8s+DgS3sUShMFWrHx6mG0dimylQC9q9yYoOKTqoptTPgnsmEEFEE3:bWxYse3rAMguQCQ9Et4nsmEEFEEBU8
ImpHash	0a98a06f576cfeebd2f91325d9ccac02
Filename	C_932.NLS.exe
File Size	44.83 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-06-19 18:00 (UTC+2)
Analysis Duration	00:04:29
Number of Monitored Processes	3
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Remarks (2/2)

VMRay Threat Indicators (15 rules, 471 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After