Analysis Overview
SHA256
da75d48c48022aae0f3134dcb66c3a8180003b014cb12b4727dc02a8e1a83b10
Threat Level: Known bad
The file lsass.exe was found to be: Known bad.
Malicious Activity Summary
Buran
Deletes shadow copies
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run entry to start application
Enumerates connected drives
Modifies service
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Interacts with shadow copies
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2020-07-09 01:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2020-07-09 01:31
Reported
2020-07-09 01:34
Platform
win7v200430
Max time kernel
151s
Max time network
85s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Buran
Adds Run entry to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\Run\lsass.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\lsass.exe\" -start" | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
Enumerates connected drives
Deletes shadow copies
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\notepad.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Drops file in Program Files directory
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Noronha.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287018.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01421_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14691_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239611.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240291.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382938.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\release.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\sound.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152698.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02361_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106124.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200289.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02227_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00726_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105306.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00334_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00476_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\include\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\rmid.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00257_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105328.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382965.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198234.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\excel.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Etc\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103262.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office 2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090027.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\OUTDR_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18231_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214934.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00268_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01744_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0157995.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\XML2WORD.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\WET | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03331_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18213_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21495_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00336_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198021.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\LATIN1.SHP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\CollectSignatures_Init.xsn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0179963.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02958_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285698.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107712.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01566_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18229_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0213449.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200467.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18227_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0144773.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099146.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Vancouver | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101867.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02443_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03459_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MYSL.ICO | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01770_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00466_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152430.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01565_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105348.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01575_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14516_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUP.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02261_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Paper.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212701.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Executive.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Maceio.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0202045.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00734_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Hardcover.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Australia\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Elemental.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Brunei | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14980_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239997.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Thatch.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233018.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Samara.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSOUTL.OLB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Angles.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00693_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185818.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099173.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153302.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PAPER_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05930_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\PPTIRMV.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00373_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21334_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00233_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01304G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241043.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03470_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105282.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OLKIRM.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185670.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14830_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01066_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Noronha | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285750.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382970.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292020.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\meta-index.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Couture.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02233_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\MST7MDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099159.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0227419.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01123_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0157995.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199755.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01461_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10298_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00810_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03425I.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Composite.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0211981.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282932.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107488.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198372.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02161_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341738.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384885.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00021_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cuiaba | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195772.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Verve.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251925.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01063_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\keytool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099147.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02368_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02384_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151045.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198447.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Black Tie.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Niue | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02405_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0233665.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0186348.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21527_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18244_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196060.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00586_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14985_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Malta.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02028_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01296_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSOUC_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115841.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188519.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239191.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Solstice.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21309_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01631_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02446_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15132_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\javafx.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01015_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01848_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7jp.kic | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105638.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01294_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304853.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285822.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02125_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Microsoft.BusinessData.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309705.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21377_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ENGIDX.DAT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7en.kic | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00011_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\Invite or Link.one.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0213449.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02743G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00641_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03464_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178632.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\WORDIRMV.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149407.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0240719.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00049_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183328.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00084_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00276_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318810.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Makassar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293844.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\Discussion14.gta.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01434_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199036.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0252349.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01357_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSRETRO.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18199_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0227558.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187861.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00052_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00915_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\rt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105298.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02439_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00049_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01743_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\blacklist | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107290.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215718.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18215_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Lima.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Baku.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199661.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287642.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400003.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00494_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174639.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Metro.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00723_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15135_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174952.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SHOW_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090783.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106124.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152690.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00512_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\release | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107514.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107528.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_08.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107130.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02054_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Black Tie.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSQRY32.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Tijuana.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182946.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185842.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188511.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSCOL11.PPD | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02116_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00610_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Module.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293234.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21534_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196354.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185778.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00555_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSCOL11.PPD.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\charsets.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02446_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15061_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152430.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01141_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00152_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Araguaina | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00017_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00116_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Couture.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151063.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10298_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00564_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199465.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217872.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14655_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\tnameserv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107158.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Adjacency.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0332268.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02071_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152716.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241773.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205582.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\GRAPH.ICO | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00919_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148757.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232797.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Fortaleza | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0304933.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386120.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00919_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105246.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21427_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00118_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090089.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GROOVE_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Urban.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237225.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01130_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02755U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSSKETLG.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Median.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106222.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00221_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Adjacency.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18208_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18225_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14753_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00601_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099157.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187893.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301418.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0332268.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21320_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TAIL.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Iqaluit | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Andorra | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\BCSSync.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\COPYRIGHT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107516.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200273.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115876.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292152.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18202_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00394_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office Classic.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01770_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Origin.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281640.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01740_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02369_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105336.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00042_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00532_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Dawson | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152568.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WING1.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212661.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00222_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0295241.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00443_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02356_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341557.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00532_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157191.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01805_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Technic.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153514.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00097_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14528_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01660_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107500.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01173_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232171.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Oriel.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Austin.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Matamoros.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152594.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10336_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Omsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105320.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18237_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Hebron | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215718.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02028_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Manaus | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Yellowknife | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00646_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301432.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01152_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OSPP.VBS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00734_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198712.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Graph.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00834_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00211_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00396_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10300_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OEMPRINT.CAT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00799_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18193_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00014_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14515_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\excelcnv.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Amman.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02748G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00373_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15277_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02051_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10337_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214934.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217262.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187921.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293236.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\IPIRMV.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00390_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00453_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00882_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105276.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00494_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187839.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00687_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01292_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01394_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Executive.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00694_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00208_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15034_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0158007.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18187_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00438_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00688_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00454_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03241_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\jfxrt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Samara | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00798_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00603_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Foundry.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200151.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00530_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00898_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186346.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Thatch.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Verve.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\jvm.hprof.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Waveform.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\FRENCH.LNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02793_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0315447.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18233_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15272_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232795.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382939.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15057_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01139_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341328.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00494_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105276.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Opulent.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0195384.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02009_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Opulent.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14654_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\ij | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\local_policy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341742.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21295_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\PPTIRM.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Denver | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Hovd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0230553.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00057_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01183_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18230_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152894.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\SystemV\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0089992.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107750.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287641.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00633_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15073_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01368_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02435_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00194_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Wordconv.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\Discussion14.gta | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0305257.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00483_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216724.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14769_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00194_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\MST | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107744.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02024_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21342_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Concourse.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Clarity.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Horizon.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099159.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195254.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200377.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00669_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02263_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB02229_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Technic.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\rt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Belize | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01191_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01478U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02115_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0175361.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196110.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02749U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01300_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Solstice.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03241_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18221_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21313_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239941.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107450.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196374.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14791_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00367_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\README.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Caracas | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02265_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15035_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\IPIRM.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240175.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304861.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Seoul | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099201.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102594.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\management-agent.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Bahia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01560_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152622.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183174.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309567.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00021_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185800.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03459_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152560.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21332_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152716.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office Classic 2.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15018_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103812.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107450.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01295_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01548_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18248_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14530_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090087.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281638.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\GRAPH.ICO.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\XLICONS.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSOUC_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Asuncion.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21334_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01164_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Solstice.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\LICENSE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mscss7cm_en.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Reunion | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00670_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Waveform.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21331_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Chita.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21307_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Apex.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Pushpin.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Horizon.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145879.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00407_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02045_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341561.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\rmiregistry.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02265_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18205_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02503U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSWAVY.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01064_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Executive.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00564_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00779_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\EST | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02282_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105338.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02040U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18253_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7fr.kic.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00642_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Median.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21304_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198016.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285462.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115843.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00416_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153087.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01357_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03464_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107302.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212701.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115835.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\soniccolorconverter.ax | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00272_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Concourse.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10297_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198022.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\OCEAN_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18203_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185774.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02069J.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00468_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183198.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105238.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151041.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Guyana | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313974.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318804.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Edmonton.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152708.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00390_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18212_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\OUTDR_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21313_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02790_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21297_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OEMPRINT.CAT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099200.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14997_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00308_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00257_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105504.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188679.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107130.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107496.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00132_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_05.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153305.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7es.kic.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152690.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Algiers | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21480_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105388.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02282_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\IEContentService.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GROOVE_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\sRGB.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\splash.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00833_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Slipstream.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSWORD.OLB.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00686_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216874.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\java.policy | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02041_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00735_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21308_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01176_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\javafx.policy | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00157_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Dublin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149887.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101865.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232393.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00918_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Concourse.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\flavormap.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18189_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\calendars.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Recife.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00458_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01575_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14754_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105328.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107280.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE.MANIFEST.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232395.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01954_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0186002.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101867.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00367_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fontconfig.properties.src | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0233665.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01243_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02067_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Foundry.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18207_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107150.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185780.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107482.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151063.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107480.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14883_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287644.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Concourse.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02071_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107300.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Regina | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187839.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03236_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\java-rmi.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00965_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287643.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215210.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00828_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\bin\server\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187883.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01548_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_03.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187835.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02228_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ONENOTEIRM.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229385.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00017_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086384.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18201_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSO.ACL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\URBAN_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01636_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152608.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01563_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21503_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099153.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00253_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Pushpin.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01682_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02388_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00694_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02268_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01742_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115840.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02424_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00172_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Pushpin.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00389_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WNTER_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Metro.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Elemental.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251871.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099190.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216600.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02423_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01805_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149481.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SUMER_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00642_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\CheckpointNew.3gp.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Adak | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Oslo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200163.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00260_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14831_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Havana | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\La_Paz.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02141_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Flow.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145904.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145895.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101865.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232797.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fontconfig.properties.src.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285782.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Aspect.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Verve.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152628.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186360.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107722.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01298_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01161_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Paper.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090027.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174952.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Apothecary.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00798_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212219.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01235U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0221903.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00640_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GR8GALRY.GRA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\HST10 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Curacao.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301044.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Median.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Santiago | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0090386.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115865.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Pushpin.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Atikokan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107344.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386267.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\ReceiveRestart.m4v | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Riga | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105502.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01468_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Wordconv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15018_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Malta | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105378.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\klist.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01141_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\MST.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00336_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241041.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05665_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18182_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\LATIN1.SHP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\dnsns.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02404_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RECYCLE.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187847.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292982.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jni.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00256_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382931.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02390_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00391_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01745_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00177_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Apex.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01659_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195428.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02750U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106020.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00956_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02886_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00218_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21520_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01301_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382939.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02261_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241037.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00391_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\meta-index | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00034_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00482_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18209_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\java.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185790.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309664.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Technic.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281632.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199283.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\content-types.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Maceio | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02389_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Grid.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0298897.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Athens.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107516.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0296279.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00512_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00608_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00255_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105600.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\sunec.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Riga.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SplashScreen.bmp | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21535_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01474_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18213_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382966.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01361_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02371_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00034_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Nipigon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00005_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_07.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01661_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107724.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216600.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02400_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00403_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01149_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14793_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107358.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145168.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\servertool.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Bahia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02158_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233312.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01361_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01243_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099183.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00212_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00299_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Angles.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\Welcome.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21312_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00542_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\PPTIRMV.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01607U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292270.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18196_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SegoeChess.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15136_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\currency.data.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\CST6CDT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0227558.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241019.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01219_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Apex.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21504_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Eirunepe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Brussels | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153047.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153273.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00942_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00095_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02794_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105266.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200183.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105526.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237225.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\ssvagent.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00956_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107328.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212661.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00212_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01035U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02407_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00524_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105294.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00726_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\bin\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400005.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01308_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Dubai | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152558.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00233_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Angles.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152610.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_04.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Boise.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02373_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01238_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105240.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office 2.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00132_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\SecretST.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSOUC.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198022.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01838_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00435_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297269.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086424.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0195812.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090087.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212751.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02280_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18239_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00810_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02746G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21320_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cayenne.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01905_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\logging.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18232_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Merida.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02448_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145904.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Hobart | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Concourse.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187849.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jni.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00685_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107480.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01236U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00513_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\jfxrt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Guayaquil | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292982.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OLKIRMV.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090777.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099194.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0211981.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21319_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\LOOKUP.DAT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GROOVE_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\localedata.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02120_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Module.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105490.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382970.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\CNFNOT32.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02312_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01164_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18203_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14538_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232803.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251871.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099188.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00222_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01905_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01301_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106146.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300840.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18236_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\CNFNOT32.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239079.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Slipstream.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382955.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01562U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jawt.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02749G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7en.kic.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\jfr\profile.jfc | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153095.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198234.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101858.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14565_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15168_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18249_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03257_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Toronto | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00938_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300520.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15169_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Custom.propdesc.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107750.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178523.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301076.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14711_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GROOVE_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Berlin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0290548.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21519_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.Runtime.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21300_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21518_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Dili | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107090.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145669.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00190_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Athens | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01236U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341455.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382958.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15276_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233018.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285360.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Nome.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107496.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099166.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00732_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14870_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MAPIR.DLL.IDX_DLL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090149.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107658.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205466.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15301_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21390_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239955.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341439.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00693_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00806_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02253_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01252_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115867.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152702.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214948.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02091_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01843_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0158007.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03143I.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01563_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239965.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239935.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00298_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SPACE_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15134_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153299.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00261_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185786.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00238_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\rtstreamsink.ax | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cayenne | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00268_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01239_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Moscow | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Sofia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341447.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\STUBBY2.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00110_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282126.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01164_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Concourse.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103812.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107484.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287645.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01239K.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185806.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\CompleteRepair.vbe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18247_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099148.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105292.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00197_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Apex.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105232.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297707.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02759J.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Oriel.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01395_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153265.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382965.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101857.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00941_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01308_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107188.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21310_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304371.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WING2.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300912.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00405_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SHOW_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292152.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00232_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292020.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02262_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02465_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02829J.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Horizon.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Technic.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00808_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Urban.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285926.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281632.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02759J.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\msaccess.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01561_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01563_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241019.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222015.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02742U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03453_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0197979.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240189.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14757_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107490.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Foundry.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02617_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115841.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OCRVC.DAT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EADOCUMENTAPPROVAL_INIT.XSN.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03451_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382836.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00402_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Aspect.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18197_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02413_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14531_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EXCEL_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102002.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00487_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090390.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145879.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287019.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00779_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107502.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185774.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384895.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15169_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299611.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105388.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285484.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00305_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Perspective.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Technic.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\JFONT.DAT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00586_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02417_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Oriel.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293570.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0228823.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02293_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00784_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PRRTINST.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Belem | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107342.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01139_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287024.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217302.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309904.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341653.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00057_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107258.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0233992.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239967.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01241_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15134_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115840.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099174.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0234000.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14710_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00121_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107490.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239967.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00241_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00126_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00486_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\psfont.properties.ja.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00364_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03257_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00260_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Thatch.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107452.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216540.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153302.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186346.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02124_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Matamoros | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Macau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105244.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309920.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01013_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099162.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297727.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196364.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02276_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287644.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Efate | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212751.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297725.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107468.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195254.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Paper.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199283.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Waveform.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00046_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187859.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216112.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Waveform.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229385.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Montreal.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00191_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21307_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02093_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02417_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02431_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\UTC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239935.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Elemental.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02412K.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mspub.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\NOTICE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238927.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301252.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382969.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293570.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WNTER_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00428_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Black Tie.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\CharSetTable.chr | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Opulent.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0158477.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232795.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281243.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301052.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02757U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Lima | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00612_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03470_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400002.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21376_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\BCSEvents.man | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01586_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18219_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02280_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00345_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0295069.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00687_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Minsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086424.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\XLCPRTID.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02009_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18206_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01080_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107138.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\ext\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mscss7wre_en.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01166_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00557_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00788_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15173_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01852_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02293_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099173.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099149.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Composite.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199307.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14769_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0315447.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153514.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00018_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234657.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00543_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099176.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086428.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14513_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03451_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00177_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Newsprint.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183168.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\WET.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200467.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Installed_schemas14.xss | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01368_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Atikokan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105266.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02444_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00097_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02750G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107742.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232393.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185828.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198494.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285444.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196374.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287020.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115864.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0177257.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Foundry.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSRETRO.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Grid.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Nassau.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341634.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02453_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382968.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01191_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10358_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341455.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106208.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241077.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00559_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21480_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107288.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0252669.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Civic.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187837.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292272.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105398.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01356_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Couture.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107514.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01148_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00014_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ONENOTEIRM.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02270_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0286034.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0291984.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03236_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\Groove Starter Template.xsn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105234.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14996_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SketchPadTestSchema.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103850.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153091.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Median.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01746_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152898.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153508.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\management\snmp.acl.template | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153047.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00633_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03011U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01569_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01658_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02522_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18232_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Grid.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14580_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105520.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0250504.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00388_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00563_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14980_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14794_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01006_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01742_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18224_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02312_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216858.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Module.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21503_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Rainy_River | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21518_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382944.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00911_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148309.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341534.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18254_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\GRAPH.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153265.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02055_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Hardcover.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18205_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Miquelon.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00114_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107290.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18190_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00814_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SELFCERT.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02054_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Austin.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234131.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106958.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Oriel.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15059_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Antigua.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00117_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233070.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313970.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02791_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18223_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\St_Johns | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099152.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSPPT.OLB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OIS.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02053J.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02058U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\psfont.properties.ja | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105332.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15136_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185796.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02022_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03205I.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mscss7cm_en.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313896.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00807_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SPRNG_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15274_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153518.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00917_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105244.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00941_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18199_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00898_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\ktab.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05665_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00200_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01298_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188679.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099177.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107544.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02092_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Waveform.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00197_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187851.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21328_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15275_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02115_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01221K.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00411_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00234_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183290.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SELFCERT.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Halifax.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099152.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153313.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01866_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299171.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRINTL32.DLL.IDX_DLL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099169.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107188.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107254.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00633_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Perspective.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304405.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301052.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287417.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199429.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03339_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186362.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01299_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00623_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\localedata.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00918_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Origin.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MML2OMML.XSL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\CST6CDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103850.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01491_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00482_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15156_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0136865.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00299_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15034_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MOR6INT.REST.IDX_DLL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02269_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Equity.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\LimitInstall.emf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199036.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187921.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00095_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Opulent.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14539_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14832_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21331_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00234_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSPUB.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0098497.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107280.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106146.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107728.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01299_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Apothecary.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18234_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00223_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Metro.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234131.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00361_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01630_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086432.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107742.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0171685.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178459.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\jfr\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10336_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SplashScreen.bmp.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Singapore | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01172_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341554.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OSPP.HTM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE06049_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15274_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00557_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Origin.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10265_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Barbados | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00192_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SPACE_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00560_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18214_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00178_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105410.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0278882.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\CET.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02829J.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00704_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00943_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285926.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185800.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00525_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18252_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216540.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01474_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00726_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00795_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Horizon.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01163_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214948.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\powerpnt.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099194.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\java.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\cacerts.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153508.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02752U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105360.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341636.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Oriel.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00443_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00286_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\cmm\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\EXLIRM.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199473.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Equity.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115839.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02166_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00233_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105230.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\CLVIEW.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ASCIIENG.LNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02068_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152702.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01358_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00685_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Civic.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107718.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153516.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Metro.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0296288.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Santarem.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0177257.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\Common.fxh | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099151.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107748.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153398.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152698.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Elemental.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18219_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02282_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15171_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099178.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101858.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01682_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mscss7wre_es.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105506.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Budapest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099201.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105526.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\LICENSE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15301_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185834.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Apothecary.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198377.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15056_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\WORDIRM.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188667.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSTORE.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01293_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238333.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387337.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215076.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10267_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187893.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196364.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183290.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02088_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02522_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18224_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157177.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH00780U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ASCIIENG.LNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152892.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285796.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301076.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Amman | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152570.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\server\Xusage.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00433_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21370_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152704.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01300_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285750.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21481_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MOR6INT.REST.IDX_DLL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01657_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00487_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\PST8 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086428.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02264_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200521.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105412.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Metro.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Austin.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105386.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183172.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00395_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00170_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293240.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\INFOPATH.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185798.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Urban.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199727.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0171847.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18234_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105286.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107026.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107154.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14794_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Thatch.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293238.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105912.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02009_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0185604.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00720_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Graph.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183172.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216153.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Angles.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\SkipRequest.raw | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\content-types.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Sitka.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105588.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_08.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\javaws.policy.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUP.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107492.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187837.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSTORDB.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099168.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01066_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Flow.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00965_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02126_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21310_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153093.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195320.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107364.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02048_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152884.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21325_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00416_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WHIRL1.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\THOCR.PSP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099171.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152722.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297759.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\THOCR.PSP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18249_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eo.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0172035.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185798.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0293800.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Hardcover.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01151_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14594_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SETLANG.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Gaza | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107258.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Tijuana | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099185.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00686_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198712.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01472_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01252_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Accra.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Anchorage | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0336075.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\classlist | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152436.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107316.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14868_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00405_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212953.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00687_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099188.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Merida | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00297_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01242_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00364_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0283209.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200151.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00531_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02567J.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\excel.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\PPTIRM.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341448.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02296_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\IPIRMV.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00117_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186364.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00116_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00454_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\XOCR3.PSP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107264.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01069_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SPANISH.LNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107024.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152606.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152694.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_03.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01239_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178460.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0314068.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18208_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14711_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\PPTICO.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103402.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14982_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10358_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0315580.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384862.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02736G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02373_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00170_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152570.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01064_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105280.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PRRT.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Clarity.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01358_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\pack200.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18226_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15020_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200289.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229389.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00623_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Equity.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10307_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OUTLFLTR.DAT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\EST5EDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341738.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0146142.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185776.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01842_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\Filters.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18185_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21423_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02252_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099170.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151045.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187881.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107266.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287019.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02424_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21297_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02451_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Pushpin.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH00601G.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Flow.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00084_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01785_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02051_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18209_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099149.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152606.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382961.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01166_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03466_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01842_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101860.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02748G.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00494_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Opulent.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.SemiTrust.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300840.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14656_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\logging.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239973.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341645.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14791_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Kentucky\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01852_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183574.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02288_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02412K.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Chihuahua | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00346_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00486_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02464_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Civic.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15059_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SCANPST.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\SLERROR.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_10.MID | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02464_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15132_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107456.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01044_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212685.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0186002.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00090_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\PST8PDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0335112.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRINTL32.DLL.IDX_DLL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00799_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7es.kic | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Composite.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00330_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0177806.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0294991.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Flow.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14579_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02265_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14677_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01219_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Tehran | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0293832.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217302.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01065_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01858_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\excelcnv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382927.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0230876.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Paramaribo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105846.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RECYCLE.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14883_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216153.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0234376.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\GRINTL32.REST.IDX_DLL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\README.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148757.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00737_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\OLKIRM.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\HST | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02470U.BMP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01366_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Concourse.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Chita | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090149.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178639.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00286_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7db.kic | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\resources.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01295_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\RSWOP.ICM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Juneau | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Thatch.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178348.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196400.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14677_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00238_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00882_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318448.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217262.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382926.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02398_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107192.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02750G.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01743_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01015_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106816.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107712.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0314068.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Slipstream.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387604.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\flavormap.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\splash.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239063.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02208U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Grid.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0197983.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02390_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14693_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00942_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01627_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00159_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21328_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\bdcmetadata.xsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00809_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Clarity.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Metlakatla | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10267_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0160590.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01701_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152626.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287415.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145168.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01562U.BMP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WHIRL2.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\MSN.ICO.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107264.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\New_York | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0315612.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341653.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\ssvagent.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299125.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198021.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\management-agent.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01148_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18237_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099175.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297757.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341645.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02091_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18247_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21548_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00478_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03795_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02742G.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\EADOCUMENTAPPROVAL_INIT.XSN | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Miquelon | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237228.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\currency.data | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01291_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237336.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00308_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195342.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03380I.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Verve.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Executive.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\MET.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199475.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00656_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00330_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Recife | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00737_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\EXLIRMV.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00005_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186364.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178459.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0286068.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01176_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14844_.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185776.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297229.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00157_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105282.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00253_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386270.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187825.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200183.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Black Tie.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21338_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341439.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\mset7db.kic.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099181.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0215086.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02313_.WMF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182946.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00018_.WMF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | N/A |
Modifies service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer | C:\Windows\system32\vssvc.exe | N/A |
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\lsass.exe | "C:\Users\Admin\AppData\Local\Temp\lsass.exe" |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe" -start |
| C:\Windows\SysWOW64\notepad.exe | notepad.exe |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe" -agent 0 |
| C:\Windows\SysWOW64\vssadmin.exe | vssadmin delete shadows /all /quiet |
| C:\Windows\SysWOW64\Wbem\WMIC.exe | wmic shadowcopy delete |
| C:\Windows\SysWOW64\Wbem\WMIC.exe | wmic shadowcopy delete |
| C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe |
| C:\Windows\SysWOW64\vssadmin.exe | vssadmin delete shadows /all /quiet |
| C:\Windows\explorer.exe | "C:\Windows\explorer.exe" |
Network
| Country | Destination | Domain | Proto |
| N/A | 10.7.0.255:138 | | udp |
| N/A | 10.7.0.255:137 | | udp |
| N/A | 239.255.255.250:1900 | | udp |
| N/A | 239.255.255.250:1900 | | udp |
Files
\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lsass.exe
C:\Users\Admin\AppData\Local\Temp\~temp001.bat
Analysis: behavioral2
Detonation Overview
Submitted
2020-07-09 01:31
Reported
2020-07-09 01:34
Platform
win10
Max time kernel
150s
Max time network
136s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Buran
Adds Run entry to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\taskeng.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\taskeng.exe\" -start" | C:\Users\Admin\AppData\Local\Temp\lsass.exe | N/A |
Enumerates connected drives
Deletes shadow copies
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Suspicious use of WriteProcessMemory
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\notepad.exe | N/A |
Modifies service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer | C:\Windows\system32\vssvc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\calendars.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Resources.pri | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\NOTICE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\boot_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as80.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\Documentation.url.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office 15\ClientX64\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\cacerts | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\NamedUrls.HxK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBUI6.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\plugin.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOS.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-nodes.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\sunmscapi.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\currency.data | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\SATIN.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\Library\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\SkypeTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockSmallTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\WordCapabilities.json.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_col.hxc.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\jvm.hprof.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\OriginResume.Dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\CONCRETE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUAUTH.CAB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARA.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10R.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\COMPASS.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\rmid.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\sa-jdi.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\charsets.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\org-openide-modules.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\CIEXYZ.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\include\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ECLIPSE.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\WINGDNG3.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\DEEPBLUE.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_es.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\SalesReport.xltx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\winamp2.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\jfluid-server-15.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sqlpdw.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\LEVEL.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-text.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql2000.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_hu.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\db2v0801.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\intf\modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaBrightDemiBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\SONORA.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\plugin.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\HxRuntime.HxS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\tzdb.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaSansRegular.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-explorer.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\dcfmui.msi.16_dcfmui.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec64.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsMedTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\ct.sym.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\3RDPARTY | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-text.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\NETWORK.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\SplashScreen.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\LICENSE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_k_col.hxk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\cursors.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\SkypeTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\jfxrt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PIXEL.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\proofing.msi.16_proofing.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-actions.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\PICTIM32.FLT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\jce.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\NOTICE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\LoanAmortization.xltx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496937509.profile.gz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSBI.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\msmdsrvi_xl.rll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-execution.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\README.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\ARCTIC.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconOpenInRefocus.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\artifacts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconOpenInCinemagraph.contrast-high_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_ja.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\RevokeConfirm.reg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\cldrdata.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\Office.x-none.msi.16_Common.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\AUTHORS.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fontconfig.properties.src | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_it.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\office32mui.msi.16_office32mui.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\PYCC.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNI.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\SATIN.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pl.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Flattener\AppVPackaging.dll.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalResume.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\logging.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\SUMIPNTG.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\sunpkcs11.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSUIGHUR.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\3082\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_es.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconOpenInRefocus.scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql90.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\VBE6EXT.OLB.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_MoveNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\DCF.x-none.msi.16_mondoww.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\dt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\WINGDNG2.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelDraftFluent.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\profile.jfc.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\jce.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\invalid32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\AppxManifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\splash.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\REFINED.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare.HxS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\RevokeGroup.clr | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\charsets.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sybase.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_MoveDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\updater_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\osmmui.msi.16_osmmui.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_CopyNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.tlb | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\RADIAL.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\classes.jsa | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\java.security | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\local_policy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\images\mecontrol.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\localedata.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-black_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\psfont.properties.ja.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-options.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f2\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ICE.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\COPYING.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\resources.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\sound.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSB.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\calendars.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditMoment.scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-awt.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\tzmappings.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\trusted.libraries | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\WATER.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\jconsole.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\visualvm.clusters.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\tzmappings | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\Blog.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchMedTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-text.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaBrightItalic.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoasb.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSJHBD.TTC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\intf\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\orcl7.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfxswt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\config.ini.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-compat.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_es.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\plugin.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\visualvm.conf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\ffjcext.zip.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\nashorn.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-options.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\servertool.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\psfontj2d.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\packager.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_f_col.hxk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerWideTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\RMNSQUE.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as90.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaw.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\ffjcext.zip.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\BLENDS.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\EXPEDITN.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\classlist.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\QuizShow.potx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\javaws.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\orb.idl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\THIRDPARTYLICENSEREADME.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496939244.profile.gz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.map.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaSansDemiBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\jvm.cfg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\meta-index | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGI.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\RIPPLE.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\SkypeLargeTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\dnsns.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\policytool.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\artifacts.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\PowerPoint.x-none.msi.16_mondoww.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as90.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\sunmscapi.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_f_col.hxk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\jawt.lib | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\en-us\oregres.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\classes.jsa.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\CASCADE.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management-agent.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\WINGDNG2.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\dnsns.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\AppLocalUCRT32.x-none.msi.16_AppLocalConditionalUCRTCrossBitness.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_EN.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-api-progress.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\images\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\meta\reader\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsAppList.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_ko.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jvm.hprof.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\localedata.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\boot_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\cmm\PYCC.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\Office.x-none.msi.16_postcommon.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.bundle.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_it.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\OriginReport.Dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\javafx-mx.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\CollectSignatures_Init.xsn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaSansRegular.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARA.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\7-Zip\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\meta-index.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICBI.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\pack200.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-text.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CACH.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sqlpdw.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\mc.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\visualvm.clusters | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-actions.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\CommonCapabilities.json.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\net.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\core_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\sunjce_provider.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\README.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\rt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWAD.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\flavormap.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql70.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\jaccess.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as80.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PROFILE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\org-openide-filesystems.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\java.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_zh_CN.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\LAYERS.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as80.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_zh_TW.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\AUTHORS.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\officemui.msi.16_AppXManifestLoc.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\THIRDPARTYLICENSEREADME.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\updater.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_de_DE.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\psfont.properties.ja.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\tzdb.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office15\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\misc.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\core.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp32.msi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSI.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-io.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\jmxremote.password.template | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_fr.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\resources.pri | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICB.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\pack200.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_fr.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.c.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\NIRMALAB.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfig.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CACH.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\Xlate_Init.xsn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ECHO.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\jfluid-server.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\rsod\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\plugins.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\psfontj2d.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\ir.idl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.JPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\classes.jsa | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as90.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARABD.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockLargeTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\plugin.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\management.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\sunec.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\ARCTIC.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\AppxBlockMap.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sybase.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaTypewriterRegular.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\jfluid-server.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\flavormap.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL096.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\CommonCapabilities.json | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\VERSION.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\blacklist | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\pack200.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\officemuiset.msi.16_officemuiset.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\COPYRIGHT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBHW6.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\SkypeAppList.scale-125_contrast-black.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_k_col.hxk.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARAIT.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\CompleteReset.jpeg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-io.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare.HxS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sqlpdw.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\SLATE.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaBrightDemiItalic.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\jfr.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_ES.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\SEGOEUISL.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL002.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\cmm\sRGB.pf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msotd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ReviewRouting_Init.xsn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\klist.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\jvmticmlr.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\blacklisted.certs.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\core_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\nashorn.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\blacklisted.certs.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\jfxrt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSBI.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\LICENSE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\ktab.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\COPYRIGHT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_de.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_zh_HK.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\sdxhelper.exe.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ECLIPSE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\lib\security\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\blacklisted.certs | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\management-agent.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\jni.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockWideTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\org-openide-util-lookup.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\cacerts.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalResume.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\OSMUX.x-none.msi.16_mondoww.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\tnameserv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_it.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\javacpl.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jce.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office16\SLERROR.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\dt.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\cmm\sRGB.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\mcxml\fr-fr\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\trdtv2r41.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\view.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\java.security.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\include\win32\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fontconfig.bfc | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_ja.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Keywords.HxK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-windows.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\README.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\ij | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconOpenInCinemagraph.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\SATIN.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\db\lib\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\sdxhelper.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.c | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\NETWORK.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\NEWS.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsLargeTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_pt_BR.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\bin\server\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\trdtv2r41.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaTypewriterBold.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\orbd.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICI.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\System\MSCOMCTL.OCX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\MSADDNDR.OLB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\.lastModified | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp32.msi.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\README.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaSansRegular.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorAppList.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_it.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaTypewriterRegular.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\3RDPARTY.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Integration\Addons\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\meta-index.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\org-openide-filesystems.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\blacklist.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\COPYRIGHT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f4\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\management\management.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\org-openide-modules.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\osmuxmui.msi.16_osmuxmui.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_zh_TW.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_col.hxt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICBI.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriL.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\ExitApprove.jpeg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\sunmscapi.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\zipfs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\http.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\AssertSplit.potx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\es-es\Proof.Culture.msi.16_proof.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\js\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\informix.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\ffjcext.zip | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\org-openide-util-lookup.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\VERSION.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelper.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\SkypeWideTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-BOLD.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\COMPASS.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\OSM.x-none.msi.16_mondoww.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\classfile_constants.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\java.policy | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-explorer.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\jre\lib\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\flavormap.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAB.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-compat.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\unpack200.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\skins\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\THEMES.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\InstallerMainShell.tlb | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ICE.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_MoveDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\FileSystemMetadata.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\db\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jvm.hprof.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\ResumeWatch.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\blacklist | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\officemui.msi.16_officemui.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_CopyDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fontconfig.properties.src.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Flattener\AppVOpcServices.dll.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\LICENSE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\jdwpTransport.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSPCL.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\EVRGREEN.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\Xusage.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Flattener\AppVPackaging.dll.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\snmp.acl.template | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-loaders.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\invalid32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\jvm.lib | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\LICENSE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-awt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\SEGOEUISL.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\SkypeApp\Assets\LockScreenBadgeLogo.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\sunmscapi.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaBrightDemiBold.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10R.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\OneDriveSetup.x-none.msi.16_OneDriveSetup.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\Training.potx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessMessageDismissal.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_fr.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\skin.catalog | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\RICEPAPR.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_sv.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfigOnLogon.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pt_BR.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\psfont.properties.ja | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTCORSVA.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\servertool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelper.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management-agent.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriLI.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\ExcelCapabilities.json.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_fr.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\invalid32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_LinkNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNB.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyrun.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.JPG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\officemui.msi.16_PostCommon.Office.MUI.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as80.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\logging.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfig.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_fr.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaTypewriterBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackReport.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\RIPPLE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_col.hxt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\lib\cmm\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_cs.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\bin\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\jfr\profile.jfc.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\release.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\QuizShow.potx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\Documentation.url | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\visualvm.conf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\cmm\CIEXYZ.pf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\Xlate_Init.xsn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\unpack200.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_ja.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCallbacks.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\skins\fonts\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCallbacks.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-white_scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_de.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\jvmti.h | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\NIRMALAB.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\oregres.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\PersonalMonthlyBudget.xltx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\mcxml\x-none\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\jfluid-server-15.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\COPYING.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\officemui.msi.16_PostCommon.Office.MUI.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconOpenInRefocus.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\THANKS.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\cursors.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\local_policy.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\amd64\jvm.cfg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\jjs.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditMoment.contrast-high_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Flattener\CommonSequencingProperties.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\fre\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\classlist.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_FR.LEX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\osmmui.msi.16_osmmui.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_sv.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelperBgt.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\Office.x-none.msi.16_licensing.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\.lastModified | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\loc\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VBAOWS10.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ECLIPSE.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f7\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_es.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\EDGE.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaTypewriterBold.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbytools.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jce.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\policytool.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\ij.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelperBgt.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_ko.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\trdtv2r41.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\LICENSE | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-io.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ADO210.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-compat.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\accessibility.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\cldrdata.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_f_col.hxk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditRichCapture.contrast-high_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrvi.rll | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\boot_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\trdtv2r41.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\sd\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\javaws.policy.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\meta-index.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\ExcelCapabilities.json | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\calendars.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchWideTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.h.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\RevokeConfirm.reg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\logging.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\LEVEL.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\SETUP.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\PowerPoint.x-none.msi.16_mondoww.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\index.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\ConvertFromGroup.bmp.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\nashorn.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL096.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaws.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\charsets.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfxswt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496926306.profile.gz | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\javafx.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_k_col.hxk | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\orbd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msotd.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTEXTRA.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\db\bin\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-LIGHT.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\javacpl.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\OSM.x-none.msi.16_mondoww.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\EDGE.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-white_scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\en-us\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\management-agent.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\SONORA.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fontconfig.properties.src | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\OriginResume.Dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\System\VEN2232.OLB | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\sound.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\excelmui.msi.16_excelmui.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.WPG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\jjs.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-execution.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\Welcome.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerWideTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorWideTile.scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\content-types.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\keytool.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jsse.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\CANYON.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\ext\access-bridge-64.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\RMNSQUE.ELM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\REFINED.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_zh_HK.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSJH.TTC | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_es.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\THIRDPARTYLICENSEREADME.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ReviewRouting_Review.xsn.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\BLENDS.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\snmp.acl.template.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_FR.LEX | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_zh_CN.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as90.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaw.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\bin\ssvagent.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_TW.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WPFT532.CNV | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-REGULAR.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\orcl7.xsl.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\README.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-execution.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriLI.ttf.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia64.msi | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\jfr\profile.jfc | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\management\jmxremote.access | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\THMBNAIL.PNG.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\content-types.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare.HxS.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Flattener\Flattener.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\THMBNAIL.PNG | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.INF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\EmptyReport.rdlc | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\x-none\Office.x-none.msi.16_authored.mcxml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\BLENDS.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\PNG32.FLT.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OWSHLP10.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_ja.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ru.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\mcxml\en-us\Proof.Culture.msi.16_proof.mcxml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-openide-text.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\jmxremote.access | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages.properties.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\sunpkcs11.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\AppXManifest.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.INF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-black_scale-200.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\mc.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBENDF98.CHM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-explorer.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\PREVIEW.GIF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\informix.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_col.hxt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\PREVIEW.GIF.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelDraftFluent.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOS.TTF | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\security\local_policy.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.boot.tree.dat | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\GroupSend.vb.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\rt.jar | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELM | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBENDF98.CHM.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\ResumeWatch.css | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.boot.tree.dat.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\splash.gif.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\!!! ALL YOUR FILES ARE STOLEN and ENCRYPTED !!!.TXT | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-windows.xml.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as80.xsl | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaSansRegular.ttf | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.582-22C-A06 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditMoment.contrast-white_scale-100.png | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\lsass.exe
"C:\Users\Admin\AppData\Local\Temp\lsass.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe" -start
C:\Windows\SysWOW64\notepad.exe
notepad.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe" -agent 0
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
Network
| Country | Destination | Domain | Proto |
| N/A | 10.10.0.255:138 | | udp |
| N/A | 10.10.0.255:137 | | udp |
| N/A | 239.255.255.250:1900 | | udp |
| N/A | 239.255.255.250:1900 | | udp |
| N/A | 127.0.0.1:47001 | | tcp |
Files