b24138773df4528b653442a1640a3f480a3172015c6fe1997979d5a52a85e8dd

Analysis

max time kernel
150s
max time network
124s
platform
windows10_x64
resource
win10v200722
submitted
22/09/2020, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pewpew_p.bin.exe
Size

1.0MB
MD5

202bf9be9a4e45526e482f08104717ad
SHA1

1e5bbfb9167150935c6eb25bbbebbe5c77a97aa2
SHA256

7282df1360af4c028930ffd9fbc30ea9d17f08f14b725f8020677dd9df961c55
SHA512

89db20536030f28af5997d4b93e90ead0ccd7299d6777d422159a0a41b658274743a390fed1a9f942b668f4f04afd1119e7b4a41356b10ea37393c8b5e05f5ea

Score

10^/10

ransomware persistence evasion spyware

Malware Config

Extracted

Path

C:\info-decrypt.txt

Ransom Note

All your files have been encrypted ! ( All your files have been encrypted with AES256 + RSA2048 Algorithm due to a security problem with your PC ) - If you want to restore them, write us to the e-mail : [email protected] - Write this ID in the title of your message : F822B9BB - If you do not receive a response within 12 hours, send a message to this email : [email protected] ( You have to pay for decryption in Bitcoins ) - The price depends on how fast you write to us. - After payment we will send you the decryption tool that will decrypt all your files. ( Free decryption as guarantee ) - Before paying you can send us up to 1 file for free decryption. - The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) ( How to obtain Bitcoins ) - The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. - https://localbitcoins.com/buy_bitcoins - Also you can find other places to buy Bitcoins and beginners guide here: - http://www.coindesk.com/information/how-can-i-buy-bitcoins/ - [ pewpew TEAM ]

Emails

[email protected]

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Modifies Windows Firewall 1 TTPs
evasion

Modify Existing Service
T1031
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 13 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini	pewpew_p.bin.exe
File created	C:\Program Files (x86)\desktop.ini	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	pewpew_p.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	pewpew_p.bin.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
17	ip-api.com

Modifies service 2 TTPs 5 IoCs

persistence

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer	vssvc.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe
864	pewpew_p.bin.exe

Drops file in Program Files directory 1168 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\UnifiedShare.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_pdf_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\dd_arrow_small.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoSearchResults_180x160.svg	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\create_form.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\CompareStep.cab	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\sendforsignature.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\selection-actions.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected-hover.svg	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\distribute_form.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\InAppSign.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_de_DE.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-disabled_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\export.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress-indeterminate.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons_2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\ExitSelect.potx	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\organize.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-hover_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ccloud_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyclient.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_rename_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\delete.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-dark-focus_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\7-Zip\Lang\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\close_x.png	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\bin\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\GrantClear.tif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_audit_report_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner_process.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libEGL.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-144x144-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\sendforcomments.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_partialselected-default_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\createpdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_received.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reportabuse-default_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_export_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\jdwpTransport.h	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\PushSet.bat	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_closereview_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-disabled_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil_2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\DisableRedo.mpp	pewpew_p.bin.exe
File created	C:\Program Files\7-Zip\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\dcpr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_removeme-default_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-mac.css	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_es.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluEmptyStateCCFiles_280x192.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\createpdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\fillandsign.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_empty_state.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\virgo-new-folder.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\cloud_icon.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-144x144-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\over-arrow-navigation.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-down_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\SelectUse.ogg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\japanese_over.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyrun.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files\ClearDisable.raw	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_uinline_warning.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_replace_signer_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\delete.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_history_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\Services\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\README.html	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\variant.js	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-default_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\attach.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\en-US\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files (x86)\info-decrypt.txt	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-dark-disabled_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-down_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_link_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\ij.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\MyriadCAD.otf	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libGLESv2.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_agreement_filetype.svg	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\rename.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\EnableOpen.tif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-57x57-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\share.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Review_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-default_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-57x57-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\spectrum_spinner.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\editpdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\logo_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-hover_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_hover_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgePackages.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-down.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\policytool.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\jvmticmlr.h	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\LightTheme.acrotheme	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win.css	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int_2x.gif	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_2x.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\java.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\3difr.x3d	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_ok.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluDCFilesEmpty_180x180.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-focus_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner2x.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-focus.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_duplicate_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\warning.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-default.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_opencarat_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\sendforsignature.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pl.jar	pewpew_p.bin.exe
File created	C:\Program Files\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\br.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_agreement_filetype.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_psd.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-focus_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluError_136x136.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\svgCheckboxSelected.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_fillandsign_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_issue.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_auditreport_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\include\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Close.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_checkbox_selected_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tr.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCallbacks.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_highcontrast.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\init.js	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-ui-theme.css	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_cs.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\jawt_md.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-down.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Close2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_CN.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_export_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-default_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-default.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\index.html	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_multi_filetype.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\derby_common.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\editpdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\japanese_over.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reject_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInAcrobat.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\DarkTheme.acrotheme	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_nextarrow_default.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\images\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-focus.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\jvmti.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_duplicate_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_unshare_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_xd.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ccloud.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-down_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\awt.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_selected_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_bow.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress-indeterminate.gif	pewpew_p.bin.exe
File created	C:\Program Files\info-decrypt.txt	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\ended_review_or_form.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\main.css	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbynet.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\open_original_form.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_browser.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\delete.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview_selected-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\sendforcomments.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main.css	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\dd_arrow_small.png	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\include\win32\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\acrobat_parcel_generic_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-down_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\RHP_icons.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_up_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_super.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-72x72-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_fr.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_pdf_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_it.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\download.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\over-arrow-navigation.svg	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-disabled.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\organize.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_closereview_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-default.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_hu.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\share.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\rename.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_unselected_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\en-US\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\EnableAdd.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\favicon.ico	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ind_prog.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\javafx-src.zip	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-default.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\bci.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\acrobat_parcel_generic_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-default_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\favicon.ico	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\fillandsign.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_wob.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner_dark2x.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_audit_report_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\ConvertReset.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\bl.gif	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files (x86)\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	pewpew_p.bin.exe
File opened for modification	C:\Program Files\CloseLock.mhtml	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Spelling.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_single_filetype.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\QRCode.pmp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_same_reviewers.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder-default.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\widevinecdmadapter.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\eula.ini	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-disabled.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\jni.h	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluCCFilesEmpty_180x180.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\acrobat_pdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_cancel_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_joined.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoInternetConnection_120x80.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_multi_filetype.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_2x.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_anonymoususer_24.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_anonymoususer_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ru.jar	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-default_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\msvcr100.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\editpdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_delete_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\classfile_constants.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win8.css	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-disabled_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adc_logo.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\export.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-disabled_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer.bat	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\plugins.js	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-114x114-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	pewpew_p.bin.exe
File created	C:\Program Files\desktop.ini	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\selection-actions2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_cancel_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tl.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.c	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jli.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-high-contrast.css	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\duplicate.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\jawt.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\organize.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\move.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\wab32.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner2x.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\snapshot_blob.bin	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\end_review.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\comment.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-down_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_TW.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\natives_blob.bin	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-disabled.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_24.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_auditreport_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\fillandsign.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_initiator.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\form_responses.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_checkbox_unselected_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-hover_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ko_KR.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\remove.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\comment.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\close_x.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-hover_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmic.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-focus_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_up_hover_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\base_uris.js	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\export.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluEmptyStateDCFiles_280x192.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_nothumbnail_34.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner_mini.gif	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adc_logo.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-disabled_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\SyncUnlock.vssx	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_lg.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\duplicate.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ja_JP.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-down.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner_dark.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\ApproveResume.ex_	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmc.ini	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\SearchEmail2x.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\download.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses_selected.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\move.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\sendforsignature.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_wob.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\acrobat_pdf.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\trash.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud_retina.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pt_BR.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_super.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_single_filetype.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforsignature_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_empty_state.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int_2x.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_24.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Internet Explorer\SIGNUP\install.ins	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\adobepdf.xdc	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_selected_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Toast.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxUnselected.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluEmptyFolder_160.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_organize_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP.bat	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.war	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses_selected-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\add_reviewer.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\RHP_icons_2x.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail2x.png	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\lib\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\CheckpointSave.doc	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-hover.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxSelected.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\orbd.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-hover_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_email.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook2x.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\keytool.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\spectrum_spinner_process.svg	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\core_icons.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook.bat	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\wab32res.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_selectlist_checkmark_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\share.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbytools.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview-hover.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_checkbox_partialselected-default_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_filetype_psd.svg	pewpew_p.bin.exe
File created	C:\Program Files (x86)\desktop.ini	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_up_selected_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\jni_md.h	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\en-US.pak	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\SearchEmail.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_all.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\DisconnectExit.cab	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\core_icons_retina.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_fillandsign_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_forward_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reminders_18.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_sent.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll	pewpew_p.bin.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_signed_out.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\selection-actions2x.png	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview_selected.svg	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb_new.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\svgCheckboxUnselected.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforcomments_18.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\rss.gif	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-down_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-focus_32.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_wob.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons.png	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	pewpew_p.bin.exe
File created	C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\selection-actions.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-hover.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\sendforcomments.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-72x72-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_backarrow_default.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\comment.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyoptionaltools.jar	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInTray.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-focus_32.svg	pewpew_p.bin.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files\WaitGet.inf	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\info-decrypt.hta	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInAcrobat.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\cloud_icon.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark2x.gif	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_bow.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\rename.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\info-decrypt.hta	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\move.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	pewpew_p.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_filetype_xd.svg	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-114x114-precomposed.png	pewpew_p.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter_18.svg	pewpew_p.bin.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\info-decrypt.txt	pewpew_p.bin.exe

Interacts with shadow copies 2 TTPs 2 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1107

Inhibit System Recovery

T1490

pid	Process
2252	vssadmin.exe
2480	vssadmin.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	864	pewpew_p.bin.exe
Token: SeBackupPrivilege	1132	vssvc.exe
Token: SeRestorePrivilege	1132	vssvc.exe
Token: SeAuditPrivilege	1132	vssvc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
864	pewpew_p.bin.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 3392	864	pewpew_p.bin.exe	76
PID 864 wrote to memory of 3392	864	pewpew_p.bin.exe	76
PID 864 wrote to memory of 3392	864	pewpew_p.bin.exe	76
PID 864 wrote to memory of 1352	864	pewpew_p.bin.exe	77
PID 864 wrote to memory of 1352	864	pewpew_p.bin.exe	77
PID 3392 wrote to memory of 2252	3392	cmd.exe	81
PID 3392 wrote to memory of 2252	3392	cmd.exe	81
PID 3392 wrote to memory of 2252	3392	cmd.exe	81
PID 1352 wrote to memory of 2480	1352	cmd.exe	82
PID 1352 wrote to memory of 2480	1352	cmd.exe	82
PID 864 wrote to memory of 3952	864	pewpew_p.bin.exe	85
PID 864 wrote to memory of 3952	864	pewpew_p.bin.exe	85
PID 864 wrote to memory of 3940	864	pewpew_p.bin.exe	86
PID 864 wrote to memory of 3940	864	pewpew_p.bin.exe	86

C:\Users\Admin\AppData\Local\Temp\pewpew_p.bin.exe
"C:\Users\Admin\AppData\Local\Temp\pewpew_p.bin.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c vssadmin.exe delete shadows /all /quiet
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3392
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin.exe delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:2252
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /C vssadmin Delete Shadows /All /Quiet
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1352
- - C:\Windows\system32\vssadmin.exe
    vssadmin Delete Shadows /All /Quiet
    3⤵
    - Interacts with shadow copies
    PID:2480
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" Advfirewall set allprofiles state off
  2⤵
  PID:3952
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" Advfirewall set allprofiles state off
  2⤵
  PID:3940

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Modifies service
- Suspicious use of AdjustPrivilegeToken
PID:1132

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

File Deletion

T1107

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact