Analysis
max time kernel: 145s
max time network: 62s
platform: windows7_x64
resource: win7v200430
submitted: 11/06/2020, 11:24
Static task: static1
Behavioral task: behavioral1
Sample: ransomware.exe
Resource: win7v200430
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: ransomware.exe
Resource: win10v200430
0 signatures
0 seconds
General
Target: ransomware.exe
Size: 259KB
MD5: 61e7fef300b01614836c82051d840615
SHA1: df05c78a8b88ecd1b8e2db6dcc42f027065db6ac
SHA256: 99f3f126c0da424357b510e2b1bb7b80b0a83e77802e9eeaec5119cb26b13231
SHA512: 29e890068caca97e3f09eed17f9c02e367bf1c4e1d5fdc77b373e6d91223fd61355057e2ab36e6615de0c3cd62ef523a7accd214a44a1e7b5083fdefcde02185
Score: 10/10
Malware Config
Extracted
Path
C:\Program Files\Java\jre7\bin\!!_FILES_ENCRYPTED_.txt
Ransom Note
Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups, replications were either encrypted or wiped. Shadow copies also removed.
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE *.ESCAL-p9yqoly files.
This may lead to the impossibility of recovery of the certain files.
To get info how to decrypt your files, contact us at:
[email protected]
[email protected]
To confirm our honest intentions we will decrypt few files for free.
Send 2 different files with extension *.ESCAL-p9yqoly. Files should not contain essential information.
Files should be inside ZIP archive and mailed to us (SUBJ : your domain or network name).
It can be from different computers on your network to be sure we decrypts everything.
The procedure to decrypt the rest is simple:
After payment we will send you decryption software.
Don't waste time, send email with files attached as soon as possible.
if you contact the police, they completely BLOCK any activity (mainly financial) of the company until the end of the proceedings on their part.
It's just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities - nobody will not cooperate with us. It's not in our interests.
If you will not cooperate with our service - for us, it's doesn't matter. But you will lose your time and data, cause just we have the private key.
Signatures
Suspicious use of FindShellTrayWindow 1 IoCs
pid: 620, Process: NOTEPAD.EXE
Drops file in Program Files directory 7440 IoCs
C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15184_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382952.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0157995.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENVELOPE.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02233_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01954_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LINE.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18248_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\sq\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15173_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00512_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099188.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107544.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Installed_schemas14.xss.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR10F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03014_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00526_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPAPERS.INI.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Rome.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormToolImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ACCWIZ\ACWZMAIN.ACCDE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239935.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105396.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR16F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02356_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15277_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Visual Studio 
8\Common7\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCHKBRD.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239955.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\LightSpirit.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115840.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\SETLANG_COL.HXC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0215086.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Newsprint.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBOXES.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251301.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\AUTHORS.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BRCHUR11.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Essential.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME26.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239953.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\OFFICE14\AUTOSHAP\BD18187_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00810_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02790_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15276_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00915_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107344.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Panama.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Generic.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01253_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AU.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CERT.DPV.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18257_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090149.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00372_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ru.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01182_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0195534.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PAPER_01.MID.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla 
Firefox\dependentlibs.list.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\GIFT98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\mscss7wre_fr.dub.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME13.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR49B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297759.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME04.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHighMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099166.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\CAMERA.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02405_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0234376.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152690.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL095.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387591.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287018.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152560.WMF.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Microsoft Office\Office14\1033\MSPUB_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02040U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\calendars.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02754U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\management\management.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarViewButtonImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107748.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198025.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107350.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14997_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14828_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Technic.thmx.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\fa\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\skin.dtd.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.ID.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALHM.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Flow.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01474_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Belize.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Library\Analysis\PROCDB.XLAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01237_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01394_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.ESCAL-p9yqoly ransomware.exe File opened for 
Sidebar\Gadgets\RSSFeeds.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01931J.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\utilityfunctions.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\GrooveFormsMetaData.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03513_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBPAGE.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293236.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18201_.WMF.ESCAL-p9yqoly ransomware.exe File created 
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Barbados.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Marketing Projects.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01252_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\net.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\macroprogress.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297185.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGDOTS.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21512_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\sk.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01172_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL102.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00601_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\security\javafx.policy.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\omni.ja.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLTASKR.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Document Themes 14\Concourse.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\Discussion14.gta.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02371_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\si\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Currie.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01006_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\STOPICON.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\ROGERS.COM.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBLINK.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Matamoros.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00014_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PRRTINST.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\bin\server\Xusage.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\BUZZ.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02293_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02313_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00042_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\es.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\SMIMES.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\InfoPathOM\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Couture.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - 
Customized.fdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Mail\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Pushpin.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157167.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Distinctive.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00494_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.SE.XML.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00013_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152606.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51F.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\my\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01661_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01849_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGTOC.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00555_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\PublicFunctions.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Issues.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152708.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\HAMMER.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSIDEBRV.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301076.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00656_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\powerpnt.exe.manifest.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\PST8PDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\STORYBB.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107450.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196354.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105496.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\TYPE.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01238_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00538_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL077.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05665_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02400_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107458.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.JS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21320_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\OriginReport.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01145_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageSmall.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\FiveRules.potx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSO.ACL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\PE03464_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099173.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL078.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\background.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00208_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216570.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\VideoLAN\VLC\lua\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLYER.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182898.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02166_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107722.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Tabs.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\CLIPART\PUB60COR\J0099177.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\UnprotectFind.tif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Juneau.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR31F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216724.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02269_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\COUGH.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01478U.BMP.ESCAL-p9yqoly ransomware.exe 
Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\BCSEvents.man.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02288_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ka.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153398.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105298.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\1 Right.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 
9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183168.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR21F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\BORDERS\MSART10.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\RSWOP.ICM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0098497.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BIZFORM.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Office\Office14\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196110.WMF.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00006_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Custom.propdesc.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\bn\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR43B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7ES.LEX.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00694_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00728_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
Files\Java\jre7\lib\zi\America\Edmonton.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02067_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Library\Analysis\ANALYS32.XLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107492.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIcon.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Clarity.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ADDINS\MSSPC.ECF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\1033\OUTLOOK_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106222.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14677_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01759_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00241_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00438_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299611.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\UrbanPhotoAlbum.potx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\FD00455_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Newsprint.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00191_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 
9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200183.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Earthy.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\BORDERS\MSART11.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\af\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_COL.HXC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\PS2SWOOS.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Opulent.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234657.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00297_.WMF.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\DESKSAM.SAM.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\AccessWeb\SERVWRAP.ASP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL110.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217262.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0090386.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ONENOTEIRM.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL027.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGZIP.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199469.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ADD.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\JFONT.DAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00525_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDEBARVERTBB.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\DefaultBlackAndWhite.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MSOUTL.OLB.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\AWARDHM.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE06049_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Classic.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CURRENCY.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\ENVELOPR.DLL.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME25.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableDownArrow.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0172067.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105530.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00407_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Northwind.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14578_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\ProjectStatusReport.potx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Casual.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\ADRESPEL.POC.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Analysis Services\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240291.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\OFFICE14\BULLETS\J0115844.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ru\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301480.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115867.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\SETLANG_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00726_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\km\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10298_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\UrbanReport.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00183_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107316.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Formal.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.ESCAL-p9yqoly ransomware.exe 
C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN054.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297727.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02045_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02384_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00286_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GROOVE.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OLKIRMV.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIcon.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02450_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21481_.GIF.ESCAL-p9yqoly ransomware.exe File opened 
for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01657_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01191_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0286034.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Opulent.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECREC.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15156_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Teal.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.ESCAL-p9yqoly ransomware.exe File created C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02448_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\Microsoft Office\Document Themes 14\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02028_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086432.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239191.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107746.WMF.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\ORG97R.SAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199473.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02749U.BMP.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Reference Assemblies\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\LICENSE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSSKETSM.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\AIR98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18214_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00084_.WMF.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR42F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OCRHC.DAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00177_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\kn\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Style\GB.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\ExecutiveReport.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSOUC_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Median.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02453_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02068_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jre7\lib\zi\Asia\Kamchatka.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01236_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\SUCTION.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300840.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\DVD Maker\Shared\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178523.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14516_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0230558.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0185604.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02439_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\OUTLLIBR.DLL.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\OOFTMPL.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\nn.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232171.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02443_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\TexturedBlue.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02417U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01191_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ne.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\SegoeChess.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00333_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Equity.xml.ESCAL-p9yqoly ransomware.exe File 
opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187863.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282126.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200163.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\ARROW.WAV.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Module.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PSRCHKEY.DAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099190.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\URBAN_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\security\java.policy.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099184.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Author2XML.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18218_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\zu\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PROOF\MSGR3ES.LEX.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00586_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR18F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\vi.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7EN.LEX.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00693_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNoteNames.gpd.ESCAL-p9yqoly ransomware.exe File 
opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382966.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN109.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105386.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN102.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02074U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLMAILR.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0088542.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\eu.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME45.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME11.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285926.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00276_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\fi.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00308_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00629_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.ES.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBCALSO.POC.ESCAL-p9yqoly ransomware.exe File opened for 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18207_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\MedianResume.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185786.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198022.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21375_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Library\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02298_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\WING1.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18197_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\LICENSE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285484.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ADVCMP.DIC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01291_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285410.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGMARQ.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178932.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151073.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03339_.WMF.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105846.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ml\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\LETTHEAD.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02141_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099204.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\xul.dll.sig.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\settings.ini.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ADDINS\OUTEX2.ECF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\WB01219_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGREPFRM.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\release.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0290548.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR17F.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\PUBWIZ\ORIG98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Macau.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\STUBBY2.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105412.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program 
Files\VideoLAN\VLC\lua\http\css\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\THOCR.PSP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02280_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\QUERIES\MSN MoneyCentral Investor Currency Rates.iqy.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229385.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215070.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Windows NT\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\J0101861.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\fr.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\MENU98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148798.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00479_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR3B.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Sync Framework\v1.0\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormToolImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212701.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\FAX\OriginFax.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00057_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01560_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\el\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Metro.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00834_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00459_.WMF.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_COL.HXC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0302827.JPG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\eo.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Perspective.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\AccessWeb\RPT2HTM4.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107516.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153299.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188519.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME35.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00046_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PG_INDEX.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01253_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02267_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0160590.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR11F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Java\jre7\lib\zi\Australia\Perth.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\MAIN.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00668_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00935_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\form_edit.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106146.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\validation.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\VIBE.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239975.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\LAUNCH.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\omni.ja.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\EssentialReport.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292272.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENV98SP.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\accessibility.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCAL.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\WITHCOMP.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\SO00732_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\meta-index.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\DEFAULT.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0289430.JPG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ar\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01298_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\br\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft 
File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01629_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341636.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106816.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME51.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\AD.DPV.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Sidebar\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CATALOG.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSWAVY.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21329_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OSPP.HTM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIGNHM.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15302_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00685_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00625_.WMF.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\FAX\OrielFax.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00200_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Document Parts\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME53.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287645.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222015.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14793_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR38F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152602.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212661.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jre7\lib\zi\Africa\Monrovia.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281632.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME38.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Verve.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME14.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL010.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10289_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01255G.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\OrielMergeFax.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME46.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\J0292278.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\ONENOTE_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN108.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\MENUS.JS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_COL.HXC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0093905.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02270_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\POWERPNT_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02740G.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Document Themes 14\Theme Effects\Pushpin.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\IPIRMV.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB1A.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\viewDblClick.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18192_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGDOTS.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00005_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RECYCLE.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105638.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Templates\1033\UrbanMergeLetter.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_COL.HXC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\QP.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152430.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR20F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\RES98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18242_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ro.txt.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\OLMAIL.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_AutoMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187829.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152876.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\WSS\1100.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Origin.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCHKBRD.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0156537.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240175.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15135_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNote.gpd.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02451_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01235U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Hardcover.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Solstice.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18233_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Perspective.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105600.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18236_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewFrame.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232393.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePageScript.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107488.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01183_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9B.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\tl\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\nl.txt.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWSHM.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\it.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Author2String.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\BlackTieNewsletter.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Windows NT\Accessories\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Equity.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\PUSH.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\History.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157191.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187851.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BROCHURE.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CONTACTINFOBB.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME31.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Media.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187849.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00671_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0332268.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0187423.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\OLTASK.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\EXLIRMV.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\FAX\EquityFax.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPQUOT.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281008.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\mn\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Trek.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BS53BOXS.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\EXITEM.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\sound.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Premium.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.ESCAL-p9yqoly ransomware.exe 
Office\CLIPART\PUB60COR\J0105912.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL104.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387337.JPG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\skins\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10301_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157831.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CERT98SP.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR15F.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hardware Tracker.fdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14790_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\REMOTE.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WINWORD.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382948.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200611.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02958_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FRENCH.LNG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR35F.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Perspective.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107280.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099172.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198234.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02263_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02263_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN011.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00221_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103058.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Jamaica.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\CheckpointBlock.dxf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\fy.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318810.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALENDAR.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Foundry.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Tasks.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199755.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\7-Zip\Lang\kab.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN048.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOffMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Flow.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN096.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30F.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Library\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02522_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01146_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImage.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00352_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00486_.WMF.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01293_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Thatch.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0315447.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ast.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304405.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR44B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Synchronization Services\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ba.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105390.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Maroon.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Sidebar\Gadgets\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\STUBBY1.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\nn\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287019.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Earthy.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01569_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\resources\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105336.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01186_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15058_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBARBLL.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Country.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24Images.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBHED98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200377.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\pl\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107496.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00396_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292286.WMF.ESCAL-p9yqoly ransomware.exe File 
opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.DE.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14871_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\MedianMergeLetter.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\QUIKPUBS.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\RemoveFormat.3gp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0150861.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00685_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\az\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB3A.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00610_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00640_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01575_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Thatch.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\tesselate.x3d.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\FEZIP.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00211_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185796.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18215_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Aspect.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN022.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0090070.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RE00006_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0293800.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21337_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02312_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01838_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21299_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\CASHREG.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21504_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ENGLISH.LNG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Executive.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01742_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDBAR98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\ONENOTE_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GR8GALRY.GRA.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\PUBBA\MSPUB11.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214948.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00646_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216858.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Groove\ToolData\!!_FILES_ENCRYPTED_.txt 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH00601G.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\BORDERS\MSART12.BDR.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\cs\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\BUTTON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10297_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jre7\lib\zi\Africa\Lagos.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285780.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152436.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02291U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293238.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIGN.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00077_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02161_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\APPT.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0287005.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099175.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01562U.BMP.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\OriginResume.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BS2BARB.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217872.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01395_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WHIRL2.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\OFFICE14\BULLETS\BD21304_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02793_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00633_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\WIND.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Style\CHICAGO.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\VCTRN_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\1033\PUBSPAPR\ZPDIR5F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\1 Top.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME41.CSS.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Synchronization Services\ADO.NET\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00485_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\DELIMR.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14869_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107266.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\DELETE.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\cs.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\IntroducingPowerPoint2010.potx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107026.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\OFFICE14\BULLETS\BD14984_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR27F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Recife.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\be.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00018_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02390_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\LABEL.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BDRTKFUL.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00788_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBOXES.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\THROAT.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101864.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\Accessible.tlb.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PPINTL.REST.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02791_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\LTHD98SP.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OEMPRINT.CAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\INVITE.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKACC.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSPUB_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PROOF\MSGR3EN.LEX.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Metro.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Analysis 
Services\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\README.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02227_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02265_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ms\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0158071.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\WITHCOMP.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21376_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01491_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Sync Framework\v1.0\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBBTN.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATE.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 
9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02845G.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Black Tie.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIcon.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01301_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200151.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignleft.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14985_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02794_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Waveform.xml.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188667.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\RELAY.CER.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\LTHDHM.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101857.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\XML Files\grvschema.xsd.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03425I.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Chicago.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\BlackTieResume.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN010.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341634.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105368.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\CAGCAT10\J0299125.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Groove\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186346.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BIZCARD.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR20F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME44.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02578_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Beige.css.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows NT\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Samara.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Black Tie.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Elemental.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105506.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01563_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00669_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN026.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\7-Zip\Lang\de.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Apex.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00683_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382961.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107500.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BZCARD11.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233018.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00956_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107264.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02091_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\fontconfig.bfc.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02426_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\security\blacklist.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Pushpin.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00157_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\EN00320_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185842.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00768_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\bg\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01358_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR38F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\update-settings.ini.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\TimeCard.xltx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\J0107494.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\LABEL98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03257_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows NT\TableTextService\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297707.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIcon.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02749G.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21495_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME02.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107188.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\AMERITECH.NET.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\PAGESIZE\PGLBL107.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115876.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBWZINT.REST.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21435_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Clarity.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Style\MLA.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME08.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\TexturedBlue.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\uz.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\readme.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14691_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_08.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\EMAIL11.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm ransomware.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft.NET\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_HighMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0280468.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185798.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02116_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185828.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\LightSpirit.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GRAPH.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\BG_ADOBE.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\PULQOT98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21312_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\TOOT.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BROCHURE.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086426.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01065_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00361_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\include\win32\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153093.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105338.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199661.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR9B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187825.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00234_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105520.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02276_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Dialog.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14753_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Style\GostTitle.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212751.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195260.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01236U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\ACCTBOX.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Status Report.fdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02278_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\PROGRAM.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099202.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01785_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01157_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18213_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10335_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\CHIMES.WAV.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\REMINDER.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00343_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Waveform.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLJRNLR.FAE.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\2 Top.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_07.MID.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIcons.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01292_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21294_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\UCT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\currency.data.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_on.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00546_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PPINTL.DLL.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02158_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00454_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Havana.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Urban.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198377.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00882_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Nome.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00021_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\wa\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN086.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ca.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Executive.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\background.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285796.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00734_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0197979.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Couture.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Details.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185780.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePageStyle.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0283209.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BZCD98SP.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\ExecutiveMergeLetter.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BANNER.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePageScript.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01923_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00910_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0294991.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18237_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\CST6CDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME10.CSS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00222_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18247_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\VideoLAN\VLC\skins\skin.catalog.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239973.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099180.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR11F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200289.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099186.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\precomplete.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\STSLIST.CHM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237759.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MSO0127.ACL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152688.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Paris.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309585.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00233_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Moncton.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Office14\PUBWIZ\GREETING.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186364.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Country.gif.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\en_GB\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\TOC98.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENV11.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN027.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313970.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183172.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157177.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153302.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\lua\http\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME01.CSS.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\SETLANG_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0305493.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\XLSLICER.DLL.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216612.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\TITLE.XSL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00965_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN065.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107446.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105234.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00527_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00296_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\MEDIA\CAGCAT10\J0299171.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\WHOOSH.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\background.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\attention.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows NT\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg.ESCAL-p9yqoly ransomware.exe File 
opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01161_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.TW.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7EN.dub.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Code_Signing_2001-4_CA.cer.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Windows Defender\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01213K.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151581.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSTORE_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\CHECKER.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Library\EUROTOOL.XLAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_COL.HXC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\macroprogress.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PPTIRMV.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0251007.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\SO00483_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\IPM.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBBTN.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00369_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02053J.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Median.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\OrielReport.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Technic.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287417.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15170_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382968.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107744.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282932.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0179963.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\BCSClientManifest.man.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_on.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196364.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313965.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0217698.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Couture.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174315.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14996_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01242_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\HH00687_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\da\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Priority.accft.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183198.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Doc.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WHIRL1.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGREPFRM.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105332.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_OFF.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR3F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00034_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178639.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\ku.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152610.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\Attachments.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00397_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_italic.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\J0145373.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ACCWIZ\UTILITY.ACCDA.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL103.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200521.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\NAVBARV.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14844_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWS.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0213449.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLAPPTR.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\NA02092_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Maceio.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Country.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15171_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21330_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR49F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205582.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18231_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02431_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\EST.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281630.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\uz\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Montreal.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01843_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00090_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\VBAOWS10.CHM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00097_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\AG00154_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02369_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SAFRI_01.MID.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\pt_BR\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400003.PNG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\XML Files\Messenger.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\WSSFilesToolHomePageBackground.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OneNote\SendtoOneNoteFilter.gpd.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR28F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\OUTLPERF.H.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14801_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15172_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Newsprint.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0171685.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086424.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveForms4\utilityfunctions.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195248.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Response.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195788.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107138.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\bg.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ga\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174952.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18252_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099195.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\lua\meta\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Medium.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281243.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Verve.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105398.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00260_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01805_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00419_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid_over.gif.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\mk\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\Hierarchy.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Median.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\is\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB3B.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\SPANISH.LNG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL054.XML.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02757U.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18251_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\mset7en.kic.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\1033\PABR.SAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\CAGCAT10\J0297551.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\OUTFORM.DAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02228_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGLOGO.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_choosecolor.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14692_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR41F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\1033\PUBSPAPR\PDIR17F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\COPYRIGHT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198447.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\MENU.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\EquityMergeLetter.Dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR25F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\CLIPART\PUB60COR\DD00117_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\ONINTL.DLL.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ckb\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PSRCHSRN.DAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00820_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\BlackTieLetter.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR37F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45F.GIF.ESCAL-p9yqoly ransomware.exe File opened 
for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\af.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00452_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Windows Journal\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\ApothecaryNewsletter.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281638.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL097.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDCNCL.CFG.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Windows 
Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSTORE.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153265.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Dawson.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7FR.LEX.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Waveform.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\application.ini.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01080_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Mozilla Firefox\updater.ini.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21519_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\mset7es.kic.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341738.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01246_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115843.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00452_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107302.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0240695.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Angles.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Foundry.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WWINTL.REST.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\tt.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Faculty.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL083.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\!!_FILES_ENCRYPTED_.txt ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\id\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.ESCAL-p9yqoly ransomware.exe 
Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285782.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099150.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR10F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01421_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0202045.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01165_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SHOW_01.MID.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Civic.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0315612.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153307.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif.ESCAL-p9yqoly ransomware.exe File 
opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_underline.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18193_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cayman.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02388_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\ca\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\PersonalMonthlyBudget.xltx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\OLJRNL.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\HEADINGBB.POC.ESCAL-p9yqoly ransomware.exe File created C:\Program 
Files\VideoLAN\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02048_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187893.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21310_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Modern.dotx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\mk.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBPQT.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00389_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGLINACC.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292270.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105348.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382944.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00736_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\Projects.accdt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107152.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105246.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\WARN.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01084_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_COL.HXC.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18243_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10337_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignright.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_on.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00330_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\WHOOSH.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382955.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0278882.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Concourse.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287415.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\va.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21348_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01842_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00297_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\bs\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0146142.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00932_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ERROR.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301418.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02386_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\CONVERT\1033\ACT3R.SAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341439.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Module.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0230553.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\PublicFunctions.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21309_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Grid.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL044.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14769_.GIF.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281640.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105292.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.JP.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\gu\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_ON.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14513_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10265_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR21F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103402.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\tr\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238983.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\CONVERT\DELIMWIN.FAE.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00505_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239611.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18203_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01366_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GreenTea.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222019.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\J0090779.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149481.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153273.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\DRUMROLL.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Menominee.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Antigua.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341742.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01750_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.ESCAL-p9yqoly ransomware.exe File 
opened for modification C:\Program Files\Microsoft Office\Office14\ASCIIENG.LNG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\default.vlt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400004.PNG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0252629.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Slipstream.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.Runtime.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10302_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14528_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\MET.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL075.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382967.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0136865.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\OliveGreen.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Start End Dates.accft.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\io.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102762.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Oriel.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182888.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Noronha.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0177257.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099157.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Wordcnvpxy.cnv.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB9.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\Office14\1033\WWINTL.DLL.IDX_DLL.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\InfoPathOM\Microsoft.Office.InfoPath.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\IA32.api.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00402_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152882.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Aspect.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196164.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\TR00116_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00095_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OCRVC.DAT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01172_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215710.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237336.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05710_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Module.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImages256Colors.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\utilityfunctions.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18246_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\CollectSignatures_Sign.xsn.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Microsoft.BusinessData.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105974.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14830_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\classlist.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 
14\Theme Colors\Technic.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\CT_ROOTS.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086478.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\BG_ADOBE.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152722.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152622.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0089945.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195342.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGTEAR.DPV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\Certificates\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.ESCAL-p9yqoly ransomware.exe File opened for modification 
C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Apothecary.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackground.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02431_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL016.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\CLIPART\PUB60COR\FD00428_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Library\SOLVER\SOLVER.XLAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Foundry.thmx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\BS4BOXES.POC.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01357_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Managua.ESCAL-p9yqoly 
ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.InfoPath.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\FOLDPROJ.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229389.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205466.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099147.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG.ESCAL-p9yqoly ransomware.exe 
File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099171.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\BORDERS\MSART14.BDR.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\7-Zip\Lang\kk.txt.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL022.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSTORY.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR14F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240157.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMaskSmall.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft 
Office\MEDIA\CAGCAT10\J0186348.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115868.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL012.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\mscss7cm_fr.dub.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WhiteboxMask.bmp.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00305_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00557_.WMF.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195254.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00809_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Person.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00453_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00330_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\resources.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14752_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santiago.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSPUB.HXS.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_COL.HXT.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00798_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR39F.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152698.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00256_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Premium.css.ESCAL-p9yqoly ransomware.exe File 
Office\Office14\Groove\ToolData\groove.net\GrooveForms\SEARCH.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15273_.GIF.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN111.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GROOVE_F_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Grayscale.xml.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR4B.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386267.JPG.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216874.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_K_COL.HXK.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip.ESCAL-p9yqoly ransomware.exe File opened for 
modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Library\Analysis\ATPVBAEN.XLAM.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Discussion.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\splash.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGAD.XML.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Sts.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg.ESCAL-p9yqoly ransomware.exe File created C:\Program Files\VideoLAN\VLC\locale\sk\!!_FILES_ENCRYPTED_.txt ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\logging.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS 
OLEDB\10\Resources\1033\msmdsrv.rll.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosecolor.gif.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay.css.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199036.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Trek.eftx.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\Hierarchy.js.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Denver.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImages.jpg.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10290_.GIF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00417_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program 
Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0296277.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\gradient.png.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Office14\MEDIA\EXPLODE.WAV.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.ESCAL-p9yqoly ransomware.exe File opened for modification C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Oriel.eftx.ESCAL-p9yqoly ransomware.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ransomware.exe
"C:\Users\Admin\AppData\Local\Temp\ransomware.exe"
- Drops file in Program Files directory
PID:288
-
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
PID:1764
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\!!_FILES_ENCRYPTED_.txt
- Suspicious use of FindShellTrayWindow
PID:620