1c4e647f...965d

VMRay Threat Indicators (16 rules, 595 matches)

Severity	Category	Operation	Count	Classification
5/5	File System	Encrypts content of user files	1	Ransomware
Encrypts the content of multiple user files. This is an indicator for ransomware. ... VTI Actions Go to Behavior
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Win32.AV-Killer.amW@ae4J0Ed". ... VTI Actions Go to AV match Go to file details
5/5	Reputation	Known malicious file	1	Trojan
File "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\udxgjs.exe" is a known malicious file. ... VTI Actions Go to file details
4/5	OS	Modifies Windows automatic backups	1	-
Deletes Windows volume shadow copies. ... VTI Actions Go to process
3/5	OS	Modifies system security configuration	1	-
Disables UAC notifications. ... VTI Actions Go to Behavior
3/5	File System	Possibly drops ransom note files	1	Ransomware
Possibly drops ransom note files (creates 238 instances of the file "Decoding help.hta" in different locations). ... VTI Actions Go to file details
2/5	Information Stealing	Reads sensitive mail data	1	-
Trying to read sensitive data of mail application "Windows Mail" by file. ... VTI Actions
1/5	Persistence	Installs system startup script or application	2	-
Adds ""c:\Decoding help.hta"" to Windows startup via registry. ... VTI Actions Go to Behavior
Adds "C:\windows\searchfiles.exe" to Windows startup via registry. ... VTI Actions Go to Behavior
1/5	File System	Modifies operating system directory	1	-
Creates file "C:\windows\searchfiles.exe" in the OS directory. ... VTI Actions Go to Behavior Go to file details
1/5	Hide Tracks	Writes an unusually large amount of data to the registry	1	-
Hides 1280 byte in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\\rsa". ... VTI Actions Go to Behavior
1/5	Process	Creates process with hidden window	1	-
The process "C:\Windows\system32\cmd.exe" starts with hidden window. ... VTI Actions Go to Behavior
1/5	Masquerade	Changes folder appearance	39	-
Folder "c:\$recycle.bin\s-1-5-21-3388679973-3930757225-3770151564-1000" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files (x86)" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\favorites" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\libraries" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\pictures" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\contacts" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\recorded tv" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\pictures" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\saved games" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\searches" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\contacts" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files\common files\microsoft shared\stationery" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\favorites" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\5p5nrgjn0js halpmcxz\favorites\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\music\sample music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\recorded tv\sample media" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\videos\sample videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files (x86)\common files\microsoft shared\stationery" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\default\favorites\links" has a changed appearance. ... VTI Actions
Folder "c:\users\public\pictures\sample pictures" has a changed appearance. ... VTI Actions
1/5	File System	Modifies application directory	541	-
Modifies "c:\program files\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\desktop.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\desktop.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\association ongoing artistic.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\centuries.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\detected-persistent-luther.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sync framework\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sync framework\ceremony.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sync framework\hometown_estate.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sync framework\reproducedmelissa.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\outcomes-increasing.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\msbuild\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\msbuild\pursuitbed.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\msbuild\role.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\uninstall information\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\uninstall information\israel.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows defender\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows journal\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\designer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\signup\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\services\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\designer\msaddndr.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\internet explorer\signup\install.ins.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\system\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\diary.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\services\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\adjacency.thmx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\angles.thmx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\signup\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\internet explorer\signup\install.ins.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sync framework\silicon_mu.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sql server compact edition\v3.5\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\copyright.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\license.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\readme.txt.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\release.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\authzax.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\thirdpartylicensereadme-javafx.txt.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\bcslaunch.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\thirdpartylicensereadme.txt.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\welcome.html.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlceca35.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\redistlist\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\dgrmlnch.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\apex.thmx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_client.xml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\uninstall information\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows defender\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows mail\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows portable devices\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows photo viewer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows portable devices\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_extended.xml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\adodb.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\accdds.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\shared\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\accessiblemarshal.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\application.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows journal\templates\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\apothecary.thmx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlcecompact35.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\breakpadinjector.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\accddsf.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlceer35en.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\msadc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vgx\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\proof\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\source engine\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\1036\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\bin\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\3082\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\java\jre7\lib\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\vstaclientpkg.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\stationery\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\stationery\desktop.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\1033\accddsui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\textconv\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\vstaproject.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\media\cagcat10\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft analysis services\as oledb\10\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\fbiblio.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\media\cagcat10\cagcat10.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\clipart\pub60cor\ag00004_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\ink\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\clipart\pub60cor\ag00011_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\fdate.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\clipart\pub60cor\ag00021_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\textconv\recovr32.cnv.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\uninstall information\deviant-potential-mistakes.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\translat\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows defender\improving-birmingham.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\help\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\1033\access12.acc.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\crashreporter.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\media\cagcat10\cagcat10.mmw.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\microsoft.mshtml.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows mail\ways_get_musicians.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\msbuild\microsoft.office.infopath.targets.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows media player\brooklyn variations nothing.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft analysis services\as oledb\10\msmdlocal.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows photo viewer\ensure.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft analysis services\as oledb\10\msmdlocal.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\settings.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\frederick_manufacturing.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows portable devices\large.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\office14\accddslm.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows mail\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows photo viewer\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vc\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\media renderer\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vgx\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows mail\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows sidebar\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\vsto\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\translat\msb1ar.lex.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows photo viewer\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows nt\accessories\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\web folders\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows nt\tabletextservice\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows media player\skins\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\windows sidebar\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\accessories\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows nt\tabletextservice\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\adobe\reader 10.0\benioku.htm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\stationery\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\templates\presentation designs\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\windows defender\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\microsoft office\office14\grooveex.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\dvd maker\shared\dvdstyles\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\en-us\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\java\java update\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\system\ado\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\google\chrome\application\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\filters\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\stationery\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\msclientdatamgr\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\msinfo\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\stationery\1033\currency.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\textconv\wks9pxy.cnv.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\actionspane3.xsd.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\clipart\pub60cor\ag00037_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\document themes 14\aspect.thmx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla maintenance service\uninstall.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\smart tag\fperson.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\templates\1033\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\common files\microsoft shared\themes14\decoding help.hta". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\mozilla firefox\browser\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\mozilla firefox\browser\blocklist.xml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\mozilla firefox\browser\chrome.manifest.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\mozilla firefox\browser\crashreporter-override.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlceme35.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlceoledb35.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft office\office14\1033\bhointl.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\office10.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\1036\mso.acl.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\3082\mso.acl.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\microsoft.synchronization.data.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\mozilla firefox\browser\omni.ja.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\msenv\publicassemblies\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\msinfo\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vc\msdia100.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\msinfo\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vba\vba6\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vc\amd64\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\aftrnoon\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\web folders\msosv.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vsto\vstoee.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\euro\msoeuro.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\stationery\desktop.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\grphflt\cgmimp32.cfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\help\hx.hxc.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\cagcat10\elphrg01.wav.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows portable devices\mambo_prediction_hiking.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\bullets\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\java\jre7\lib\accessibility.properties.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vc\msdia100.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\source engine\ose.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\proof\mslid.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows nt\tabletextservice\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows nt\accessories\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows nt\accessories\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\java\jre7\bin\awt.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\windows nt\tabletextservice\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows media player\negotiationsbadge.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\adobe\reader 10.0\berime.htm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows sidebar\settings.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\smart tag\fplace.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\textconv\wpft532.cnv.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\templates\1033\adjacencyletter.dotx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\equation\eqnedt32.cnt.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\filters\msgfilt.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\windows photo viewer\methods.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\1033\accolki.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\stationery\1033\currency.htm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\clipart\pub60cor\ag00038_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\mozilla maintenance service\updater.ini.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\vstoee.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\document themes 14\austin.thmx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft office\office14\ieawsdc.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\office14\csi.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\system\ole db\xmlrw.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\system\ole db\xmlrw.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\google\chrome\application\chrome.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\fren\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\office14\acecore.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\help\hxds.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\dw\dbghelp.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\portal\portalconnectcore.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\themes.inf.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\office14\accicons.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\esen\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\arm\1.0\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\system\msmapi\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\equation\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\system\ole db\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\enfr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\cagcat10\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\portal\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\system\ole db\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\textconv\wksconv\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\8.0\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\arfr\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\enes\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\studio\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft visual studio 8\common7\ide\privateassemblies\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\sumipntg\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\spring\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\java\java update\jaucheck.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\web folders\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\smart tag\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\vba\vba7\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\arctic\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\clipart\publisher\backgrounds\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\adobe\helpcfg\nl_nl\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\templates\1033\access\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\system\msadc\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\ink\en-us\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\translat\frar\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\appinfodocument\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\autoshap\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\msbuild\microsoft\windows workflow foundation\v3.0\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\microsoft office\media\office14\lines\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\1033\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\blends\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\bluecalm\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\blueprnt\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\breeze\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\boldstri\decoding help.hta". ... VTI Actions Go to Behavior
Modifies "c:\program files\common files\microsoft shared\themes14\canyon\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\capsules\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\cascade\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\axis\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\level\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\profile\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\layers\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\papyrus\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\quad\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\ripple\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\rmnsque\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\satin\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\slate\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\strtedge\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\10.0\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\microsoft analysis services\as oledb\10\cartridges\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hr_hr\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\visio shared\fonts\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\cs_cz\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\system\ado\en-us\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\system\ado\en-us\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ko_kr\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\ink\1.0\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\ink\1.7\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\concrete\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\indust\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\ice\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\expeditn\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\evrgreen\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\edge\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\eclipse\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\echo\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\deepblue\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\compass\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\refined\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\network\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ca_es\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hu_hu\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\it_it\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\da_dk\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\de_de\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\es_es\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\eu_es\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fi_fi\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fr_fr\decoding help.hta". ... VTI Actions
Modifies "c:\program files\microsoft analysis services\as oledb\10\cartridges\decoding help.hta". ... VTI Actions
Modifies "c:\program files\microsoft office\office14\accessweb\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\microsoft visual studio 8\common7\ide\publicassemblies\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\en_us\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ja_jp\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\zh_tw\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\zh_cn\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sv_se\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\pt_br\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\pl_pl\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\nb_no\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\uk_ua\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\tr_tr\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sl_si\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\sk_sk\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ru_ru\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ro_ro\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1040\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows media player\media renderer\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows media player\en-us\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1033\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1049\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\2052\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1028\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1041\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1042\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\3082\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1046\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1031\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1036\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\ar-sa\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\bg-bg\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\cs-cz\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\da-dk\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\de-de\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\el-gr\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\es-es\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\et-ee\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\fi-fi\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\fr-fr\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\he-il\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\hr-hr\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\hu-hu\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\windows sidebar\gadgets\currency.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\it-it\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\ja-jp\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\web server extensions\14\bin\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\ko-kr\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\lt-lt\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\lv-lv\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\nb-no\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\nl-nl\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\msbuild\microsoft\windows workflow foundation\v3.5\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\pl-pl\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\ru-ru\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\pt-br\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\pt-pt\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\ro-ro\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\fren\msb1fren.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\bullets\bd10253_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\bullets\bd10254_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\bullets\bd10255_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\babyboy\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\msbuild\microsoft\windows workflow foundation\v3.0\decoding help.hta". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\bullets\bd10263_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\web server extensions\14\bin\fpsrvutl.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\msb1cach.lex.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\microsoft office\office14\1033\dl_res.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\msenv\publicassemblies\extensibility.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\portal\1033\portalconnect.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\58.0.3029.110.manifest.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\equation\1033\eeintl.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\system\ole db\xmlrwbin.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\system\msmapi\1033\msmapi32.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft synchronization services\ado.net\v1.0\microsoft.synchronization.data.server.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\system\ole db\xmlrwbin.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\arm\1.0\acrobatupdater.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\cagcat10\1033\cagcat10.mml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\office10.mmw.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\microsoft office\office14\inlaunch.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\hx.hxt.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\enfr\msb1enfr.its.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\fren\msb1fren.its.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppcext.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\refined\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\office14\accessweb\clntwrap.htm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\edge\edge.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\compass\compass.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\network\network.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\capsules\capsules.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\evrgreen\evrgreen.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\indust\indust.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\expeditn\expeditn.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\eclipse\eclipse.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\vba\vba7\1033\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\web server extensions\14\bin\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\studio\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\8.0\microsoft.visualstudio.tools.applications.blueprints.tlb.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\office14\1033\aceintl.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vsto\10.0\1033\decoding help.hta". ... VTI Actions
Modifies "c:\program files\microsoft sql server compact edition\v3.5\sqlceqp35.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1033\hxdsui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\iris\iris.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\web folders\1033\msosvint.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\smart tag\1033\mcabout.htm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\stationery\1033\dadshirt.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\office14\1033\accvdtui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\clipart\pub60cor\ag00040_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\google\chrome\application\chrome.visualelementsmanifest.xml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\templates\1033\adjacencymergeletter.dotx.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vba\vba6\vbe6ext.olb.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\aftrnoon\aftrnoon.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\appinfodocument\addins.store.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\autoshap\autoshap.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\lines\bd10219_.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\equation\eqnedt32.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\pipelinesegments.store.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vc\msdia80.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\microsoft visual studio 8\vsta\bin\1033\vstaclientpkgui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\java\jre7\bin\axbridge.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\vc\amd64\msdia80.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\mozilla firefox\browser\searchplugins\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows media player\network sharing\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\adobe\reader 10.0\esl\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\microsoft visual studio 8\common7\ide\publicassemblies\microsoft.visualstudio.tools.applications.adapter.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft office\media\office14\1033\office10.mml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\office14\1033\msointl.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\java\jre7\lib\alt-rt.jar.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\textconv\wksconv\wkconv.exe.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\office14\csisoap.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\frar\msb1frar.its.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\proof\mswds_en.lex.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\sk-sk\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\water\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows media player\skins\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\enes\msb1enes.its.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\translat\arfr\msb1arfr.its.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\watermar\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\sl-si\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\sr-latn-cs\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\sv-se\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\calendar.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.5\redistlist\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\clock.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\microsoft analysis services\as oledb\10\msmgdsrv.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstoinstaller.config.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.0\winfxlist.xml.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\microsoft.net\primary interop assemblies\microsoft.stdformat.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\hu_hu\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\cpu.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\it_it\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\da_dk\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\de_de\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\es_es\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\eu_es\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fi_fi\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\fr_fr\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\microsoft analysis services\as oledb\10\cartridges\as80.xsl.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1040\hxdsui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\reference assemblies\microsoft\framework\v3.0\redistlist\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\ricepapr\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\currency.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\1033\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\mediacenter.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\rssfeeds.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\slideshow.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\videowall\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\pets\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\oldage\decoding help.hta". ... VTI Actions
Modifies "c:\program files\windows sidebar\gadgets\weather.gadget\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\pixel\pixel.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\radial\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\journal\journal.elm.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\sky\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\slate\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\sonora\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\themes14\strtedge\preview.gif.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1049\hxdsui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\2052\hxdsui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\microsoft shared\help\1028\hxdsui.dll.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\en-us\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\th-th\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\tr-tr\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\images\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\uk-ua\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\zh-cn\decoding help.hta". ... VTI Actions
Modifies "c:\program files\common files\microsoft shared\ink\zh-tw\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\vignette\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\specialoccasion\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\full\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\performance\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\memories\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\babygirl\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\huecycle\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\flippage\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\push\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\rectangles\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\resizingpanels\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\shatter\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\sports\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\stacking\decoding help.hta". ... VTI Actions
Modifies "c:\program files\dvd maker\shared\dvdstyles\travel\decoding help.hta". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ca_es\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
Modifies "c:\program files (x86)\common files\adobe\helpcfg\ru_ru\reader_10.0.helpcfg.[id]hwwph9ujuooy4hf1[id]". ... VTI Actions
1/5	Information Stealing	Possibly does reconnaissance	1	-
Possibly trying to gather information about application "Mozilla Firefox" by file. ... VTI Actions Go to Behavior
1/5	File System	Creates an unusually large number of files	1	-
Creates an unusually large number of files. ... VTI Actions Go to file details
0/5	Process	Enumerates running processes	1	-
Enumerates running processes. ... VTI Actions Go to Behavior

Screenshots

Monitored Processes

Sample Information

ID	#118887
MD5	29cc50130b5f6efd01703b6031985e72
SHA1	96b59c746f660c2b190244f08764bb9d64f90b76
SHA256	1c4e647f3fbac1eea97b488a7c2600f3c61c8b4d6e2e7b08acc8f5ec2b7a965d
SSDeep	192:nn829Uqt80RvmDn/GW0YPUWLTwmH+M6r6BmiOxEhGr:n829Dt80R2n/3F8s+LLLC
ImpHash	0a98a06f576cfeebd2f91325d9ccac02
Filename	udxgjs.exe
File Size	11.50 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-07-23 00:10 (UTC+2)
Analysis Duration	00:04:29
Number of Monitored Processes	3
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Remarks (2/2)

VMRay Threat Indicators (16 rules, 595 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After